SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
9 Nov 2016

Commodity Exaspy spyware found targeting high-level executives

Researchers say they have discovered commodity Android spyware called Exaspy being used to spy on executives.

The spyware, according to Skycure Research Labs, is being sold as a $15-a-month turnkey service online and can be used to intercept nearly all phone-based communications including phone calls, text messages, Skype sessions, photos and much more.

Skycure said it discovered the spyware in September when a customer identified a fake app called “Google Services” running on one of its executives’ phones with full administrative rights, according to Elisha Eshed, researcher at Skycure. He said the victim targeted by the spyware was a high-profile executive at a global technology company. Exaspy, according to Skycure, is compatible only with Android phones and requires physical access to the phone to install the spyware.

Once installed, Exaspy hides itself on the phone by naming itself “Google Services” and installing without a launcher icon. According to Eshed, the spyware currently is not detected by most mobile security scanners. Once installed, the spyware can “execute shell commands, or spawn a reverse shell, which allows the app to elevate its privileges using exploits that are not included in the basic package,” according to Eshed in a blog post outlining the spyware discovery.

The platform behind Exaspy consists of a command-and-control server that monitors and transmits local files (such as emails, photos and videos) and is used to execute the shell commands, according to Skycure. “Exaspy isn’t hiding on the dark web, but it’s still an unknown quantity peddling spyware,” Eshed said. “There is zero confidence that this company can be trusted – never mind with the information it is collecting on its customers’ behalf.”

Key characteristics of the spyware include the need for physical access to the targeted phone for installation. The spyware also requests full admin rights, requires a license number to activate and installs itself as a system package to make uninstalling it harder, according to Skycure.

Eshed said that the app installed itself as Google Services in an attempt to confuse users who might see the process running on their phone as a legitimate Google application. “The app is named ‘Google Services’ and uses the package name ‘com.android.protect.’ This is a clear disguise of Google Play Services,” Eshed wrote.

Other characteristics include communications with servers hosted on Google’s cloud services and downloads from the hard-coded URL “hxxp://www[.]exaspy[.]com.” “Spyware apps for Android and iOS have been around for a long time. However a few high-profile cases seem to indicate a disturbing trend in sophistication and prevalence of attacks on high-profile individuals,” wrote Eshed.

He points out that recent revelations regarding Pegasus iOS spyware used on a human rights advocate illustrate a growing and brazen attitude toward the use of mobile spyware on high-profile targets. Skycure Research Labs said avoidance and mitigation efforts should include PIN code or fingerprint authentication for mobile device access, disabling USB debugging, and regularly checking an Android device’s Device Administrators list and disabling components you don’t trust.
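
The traits reported above (the package name, the Google-branded label, device-admin rights, system-package install, no launcher icon) can be turned into a fleet triage check. The following is an added example, not Skycure's tooling or code from the original article; the record field names and the sample inventory are constructed, and the `com.google.` namespace test is an assumed heuristic.

```python
# Added example: triage an app inventory for the Exaspy traits Skycure describes.
# Record field names are hypothetical; map them from your MDM or ADB collection.
IOC_PACKAGE = "com.android.protect"      # package name quoted in the article
GOOGLE_PREFIXES = ("com.google.",)       # assumption: genuine Google apps live here
LOOKALIKE_LABELS = {"google services", "google play services"}


def score_app(app):
    """Return the reasons (possibly none) this app record needs manual review."""
    reasons = []
    pkg = app["package"]
    label = app.get("label", "").strip().lower()
    is_google_ns = pkg.startswith(GOOGLE_PREFIXES)

    if pkg == IOC_PACKAGE:
        reasons.append("package name matches reported Exaspy package")
    if label in LOOKALIKE_LABELS and not is_google_ns:
        reasons.append("Google-branded label on a non-Google package")
    # The article lists these traits together: admin rights, system-package
    # install, and no launcher icon.
    hidden_admin = (app.get("device_admin") and app.get("system")
                    and not app.get("launcher_icon"))
    if hidden_admin and not is_google_ns:
        reasons.append("hidden system package holding device-admin rights")
    return reasons


def triage(inventory):
    """Map package name -> reasons, for apps with at least one finding."""
    findings = {}
    for app in inventory:
        reasons = score_app(app)
        if reasons:
            findings[app["package"]] = reasons
    return findings


# Constructed sample inventory (not real device data).
SAMPLE = [
    {"package": "com.google.android.gms", "label": "Google Play services",
     "system": True, "device_admin": True, "launcher_icon": False},
    {"package": "com.android.protect", "label": "Google Services",
     "system": True, "device_admin": True, "launcher_icon": False},
    {"package": "com.example.notes", "label": "Notes",
     "system": False, "device_admin": False, "launcher_icon": True},
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

A package-name prefix is only a first-pass filter; confirm any hit, and any app that passes on the prefix alone, by checking its signing certificate before trusting or removing it.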

Tags:
Android surveillance
Source:
Threatpost