Sunday, 6 November 2016

If you install an Android application, then your mobile is hacked

The most interesting part of the finding, the security researchers say, was that the malware required user interaction during installation, meaning that the attacker needed physical access to the device to infect it, or extreme and effective social engineering.
Because the malware requires such interaction to be installed, the real-world threat level is relatively low for those who take reasonable security precautions regarding their mobile devices.

When running for the first time, the malware requests admin rights, asks for a license number, hides itself, and then asks for root access (it can download a root exploit from the command and control (C&C) server if needed). Next, the spyware installs itself as a system package.
Once a device has been infected, the malicious app can be used to access the victim’s chats and messages (SMS, MMS, Facebook Messenger, Google Hangouts, Skype, Gmail, native email client, Viber, WhatsApp, etc.), can record audio (during calls or in the background), can access the pictures library, can take screenshots, and can collect contact lists, calendars, browser history, call logs, and more.

If it has C&C connectivity, the malware can monitor and transmit local files, including photos and videos, and can execute shell commands.

On the infected device, the app runs under the name of Google Services, using the package name “com.android.protect,” clearly masquerading as the legitimate Google Play Services, the researchers note. The spyware communicates with the hxxps://api.andr0idservices.com server (which is hosted in Google Cloud) and downloads updates from the hard-coded URL hxxp://www.exaspy.com/a.apk.
In addition to hiding itself from the launcher on the infected devices (by disabling its main activity component), the app disables Samsung’s SPCM service and com.samsung.android.smcore package, which allows it to run in the background without Samsung’s service killing it. As mentioned above, it also installs itself as a system package to prevent removal by the user.
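
A defender can check a device inventory for the indicators listed above. The following is an added example, not code from the researchers or from this post: it parses the output of `adb shell pm list packages` and flags the package name, the disabled Samsung package, and the two hosts named in the article. The sample listings and APK paths are constructed for illustration.

```python
# Inputs: text output of `adb shell pm list packages -f` (all packages, with APK
# path) and `adb shell pm list packages -d` (disabled packages only).

SPYWARE_PKG = "com.android.protect"          # package name given in the article
SAMSUNG_PKG = "com.samsung.android.smcore"   # package the article says gets disabled
C2_HOSTS = {"api.andr0idservices.com", "www.exaspy.com"}  # hosts given in the article


def parse_pm_list(output):
    """Parse 'package:<apk path>=<name>' or 'package:<name>' lines into {name: path}."""
    packages = {}
    for line in map(str.strip, output.splitlines()):
        if not line.startswith("package:"):
            continue
        body = line[len("package:"):]
        # APK paths on newer Android releases can contain '=', so split on the last one.
        path, sep, name = body.rpartition("=")
        packages[name] = path if sep else None
    return packages


def triage(installed_output, disabled_output, contacted_hosts=()):
    """Return a list of findings for one device."""
    installed = parse_pm_list(installed_output)
    disabled = parse_pm_list(disabled_output)
    findings = []
    if SPYWARE_PKG in installed:
        path = installed[SPYWARE_PKG] or ""
        where = "system partition" if path.startswith("/system/") else "user-installed"
        findings.append(f"{SPYWARE_PKG} present ({where}): {path}")
    if SAMSUNG_PKG in disabled:
        findings.append(f"{SAMSUNG_PKG} is disabled")
    for host in sorted({h.lower().rstrip(".") for h in contacted_hosts} & C2_HOSTS):
        findings.append(f"traffic to {host}")
    return findings


# Constructed sample listings (not taken from a real device).
SAMPLE_INSTALLED = """\
package:/system/app/Protect/Protect.apk=com.android.protect
package:/data/app/~~Qk3x==/com.example.notes-9aB==/base.apk=com.example.notes
package:/system/priv-app/SmCore/SmCore.apk=com.samsung.android.smcore
"""
SAMPLE_DISABLED = "package:com.samsung.android.smcore\n"

if __name__ == "__main__":
    for f in triage(SAMPLE_INSTALLED, SAMPLE_DISABLED, ["API.andr0idservices.com"]):
        print("FINDING:", f)
```

Because the app hides its launcher icon, the package listing is a more reliable place to look than the home screen.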

Not only does this spyware pose a significant risk to end users, but it can become an even greater risk to enterprises. It can be used to collect confidential company information such as financial, intellectual property, and product information; can stealthily record confidential meetings; and can be used to blackmail a company into paying large sums of money to prevent the leaking of the information obtained.


“Mobile attacks used to require a special level of skill which made them more rare, but in today’s market it is easy for anyone to pay their way to being a threat. The Exaspy malware is just one of those packages that IT professionals need to defend against,” Skycure’s Elisha Eshed notes.