Date: 2021-11-12

It's called PhoneSpy, and it's a new Android malware that has been generating a lot of discussion in the last few hours. As the name implies, the malware is capable of collecting and exfiltrating a wide variety of data from the victim's phone, as well as performing a wide range of malicious actions.

The existence of PhoneSpy was made public by Zimperium, a well-known computer security company. Although all the victims are currently in South Korea, PhoneSpy should be considered very dangerous both for the excessive amount of data it collects and for a disturbing resemblance to Pegasus, the controversial malware that Israeli developer NSO Group sells to governments around the world to spy on terrorists, criminals, and sometimes even political activists and dissidents.

PhoneSpy is installed by downloading and running what appears, at first glance, to be a legitimate application: yoga apps and apps for watching videos and images are involved. Thanks to Zimperium's investigation, 23 malicious applications have already been identified, all in Korean and all installed manually via APK. At the moment, no compromised applications appear to have made it to the Play Store.

From a technical point of view, PhoneSpy functions as an advanced Remote Access Trojan (RAT), capable of receiving and executing commands to collect and exfiltrate a multitude of data. The list of stolen data is very long: with PhoneSpy, the attackers can steal all of the victim's images and photos, contacts, the call list, social media passwords, the text of SMS messages sent and received, and all the information relating to the device (IMEI, brand, installed Android version, etc.).

Not just stolen photos and passwords: PhoneSpy can also record video and audio in real time

But there is more: PhoneSpy can also record, without the victim's knowledge, real-time video clips using both the front and rear cameras of the smartphone, as well as real-time audio clips, and it can silently send an SMS to a number chosen by the attackers.

“These infected Android applications are designed to run in the background, thus spying on its victim without arousing suspicion,” says Zimperium security specialist Aazim Yaswant. “We believe that the creators of PhoneSpy have already collected a large amount of victims’ personal data, including private conversations and photos.”

While PhoneSpy does not currently appear to be a real danger to Android users outside of South Korea, Zimperium recommends downloading applications only from the Play Store and avoiding the installation of applications from third-party stores, especially little-known ones.