SpyDealer Is an Advanced Malware That Can Steal Sensitive Data from Popular Android Apps


There is a reason popular systems are always a target of malicious attackers and intruders: the numbers. A large user base means a large amount of information stored on trusted gadgets and systems, and while that does not by itself imply vulnerability, depending on the security measures in place, there are people in the wild who would love to have access to information that does not belong to them. To put it into perspective, it is no secret that Android is the most popular mobile operating system in the world, running on about 2 billion devices. Such widespread adoption means people now store personal and business information on their smart handhelds.

And here is where SpyDealer comes in. Researchers at Palo Alto Networks have uncovered an advanced malware for Google’s Android OS that has been christened ‘SpyDealer’. The malware accesses and steals private data, including messages from popular communication applications, by taking advantage of low-level, privileged access to the system, also known as root access. SpyDealer targets more than 40 popular apps, some of which, such as WeChat, are popular mainly in China. Other targets include Facebook, Telegram, WhatsApp, a number of browsers such as Firefox and the Android Native Browser, Tango, Skype, Viber and Line, to mention a few.

The trojan, which has been operational for about 18 months, can collect further private information, including call logs, contacts, connected Wi-Fi information, IMEI and location data of compromised devices. Additionally, it can use a device’s mic or cameras to record audio and video, or even take screenshots of sensitive information. This kind of spying is advanced, and it is made possible by a rooting app called Baidu Easy Root, which the malware uses to gain root.

The good news is that there is no evidence of the malware being distributed through the Google Play Store. This is why users are always advised to install apps from the store and shun sideloading apps from unverified sources.

There is no information about how many devices have been compromised, although evidence suggests that Chinese users are the main targets, reached through compromised wireless networks. What’s more, the trojan does not exploit devices running Android Lollipop or later iterations, as it seems to exploit versions from 2.2, released back in 2010, all the way to 4.4 from 2013. Based on the latest Android distribution numbers, that’s up to 26.6% of Android devices out there.

Google is aware of the issue, which is why the search engine company has bumped up protection through its Google Play Protect program.