https://arstechnica.com/information-technology/2019/04/well-funded-surveillance-operation-infected-both-ios-and-android-devices/
By DAN GOODIN
Ars Technica
4/8/2019

Researchers recently discovered a well-funded mobile phone surveillance
operation that was capable of surreptitiously stealing a variety of data from
phones running both the iOS and Android operating systems. Researchers believe
the malware is so-called "lawful intercept" software sold to law-enforcement
and governments.

Exodus, as the malware for Android phones has been dubbed, was under
development for at least five years. It was spread in apps disguised as service
applications from Italian mobile operators. Exodus was hidden inside apps
available on phishing websites and nearly 25 apps available in Google Play. In
a report published two weeks ago, researchers at Security without Borders said
Exodus infected phones estimated to be in the "several hundreds if not a
thousand or more."

Exodus consisted of three distinct stages. The first was a small dropper that
collected basic identifying information about the device, such as the IMEI and
phone number, and sent it to a command-and-control server. A second stage was
installed almost immediately after the researchers’ test phone was infected
with the first stage and also reported to a control server. That led
researchers to believe all phones infected with stage one are indiscriminately
infected with later stages.
[...]