Triout Framework Turns Apps Into Powerful Spyware
Bitdefender Security researchers have discovered a new Android malware named “Triout”. This malware comes outfitted with obtrusive spyware capacities, like, the capacity to record telephone calls,, collecting location data, monitoring text messages and steal videos & pictures taken with the android device – all without the user consent.
Security researchers spotted this malware (Triout) for the first time May 15, 2018, when it was first uploaded on VirusTotal, a site that collect different Anti-virus examining engines.
According to the researchers, the first sample of Triout was uploaded from Russia and it’s succeeding sample from an Israeli IP on the VirusTotal website.
However, it is still unclear that how the tainted sample of the legitimate App is publicized and obvious guess would be via third-party Android application stores, or app-sharing forums.
The Triout malware is extremely sneaky, as the appearance of cloned app and the original app can’t be justified and the cloned app function exactly like the original one. An adult Android app (called Sex Game) is analyzed by the researcher — demonstrating that how victims are tricked.
Following spy-activities can be performed by Triout:
- Records every phone call, then sends it together with the caller id to the C&C
- Logs every incoming SMS message to C&C
- Hide from the user view
- Can send all call logs (info: callname, callnum, calldate, calltype, callduration) to C&C
- Uploads copy of every picture taken with the device camera to a remote server
- Can send GPS coordinates to C&C
But, regardless of the intense abilities of the malware, the researchers found that the malware does not utilize perplexity, which helped the analysts get full access to its source code by simply unloading the APK document—proposing the malware is a work-in-progress.
Today, no operating system is safe from malware, as cyber criminals somehow finds a way to steal, spy or tamper data of their targets. So, the best way to protect yourself from falling into such categories always use trusted and verified sources like Google Play Store to download android application.