Warning!!! 5 New Trojanized Android Apps Discovered to Spy on Pakistani Users

Cyber security researchers have discovered five trojanized versions of legitimate Android apps that carry out covert monitoring and espionage on users in Pakistan. The malicious variants were found to conceal their operations and then download additional payloads in the form of an Android Dalvik executable (DEX) file; the apps masquerade as Pakistan Citizen Portal, Pakistan Salat Time, Mobile Packages Pakistan, Registered SIM Checker and TPL Insurance.

‘The payload of DEX includes most malicious functionality, including the ability to covertly exfiltrate sensitive data such as the user’s contact list, and the full content of SMS messages,’ says Pankaj Kohli, a Sophos threat researcher. ‘The software then sends this information to one of a few command and control websites hosting servers available in eastern Europe.’


A fake version of the Pakistan Citizen Portal app was also previously seen hosted prominently on a trading company’s website, potentially to lure unsuspecting users into downloading the malware-laced app, which also harvests confidential information such as computerized national identification card numbers, passport data, and user and Facebook passwords.

Sophos researchers also found an application known as Pakistan Chat, which has no benign counterpart on the Google Play Store; instead, the app was found to leverage the API of ChatGum, a legitimate chat service. Once enabled, the app requests permissions that let it capture sensitive details from a victim’s device, including information about the phone, its location, contact lists, SMS content, call logs, and a complete listing of the folders on internal and SD card storage.
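As an added defender-side illustration, not code from the article or from Sophos, the Python script below shows how an analyst could statically triage an unpacked APK for the profile the article describes: the combination of SMS, contacts, call-log, location, phone-state and storage permissions declared in AndroidManifest.xml, together with references to dalvik.system.DexClassLoader (or related loaders) that indicate a downloaded DEX payload may be loaded at runtime. The manifest and the class-reference list are constructed sample inputs; in real use they would be extracted with a tool such as apktool or androguard, and the three-category threshold is an assumed triage heuristic, not a rule from the page.

```python
"""Static triage of an unpacked Android app for the spyware profile in the article.

Two signals are combined: a broad set of data-access permissions in the manifest,
and class references showing code is loaded from a DEX file at runtime.
"""
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List, Set

# Android attributes in the manifest live in this XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions mapped to the data category they unlock (the categories the article lists).
SPY_PERMISSIONS: Dict[str, str] = {
    "android.permission.READ_SMS": "SMS content",
    "android.permission.RECEIVE_SMS": "SMS content",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "phone information",
    "android.permission.READ_EXTERNAL_STORAGE": "storage listing",
}

# Class references (JVM internal form, as seen in a dex string dump) that indicate
# code is loaded at runtime from a DEX file rather than shipped in the APK.
DYNAMIC_LOAD_INDICATORS = (
    "dalvik/system/DexClassLoader",
    "dalvik/system/InMemoryDexClassLoader",
    "dalvik/system/PathClassLoader",
)

# Constructed sample manifest mimicking the permission set described in the article.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.trojanized.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Sample"/>
</manifest>
"""

# Constructed class references, as a string dump of classes.dex might list them.
SAMPLE_CLASS_REFS = [
    "Landroid/app/Activity;",
    "Ldalvik/system/DexClassLoader;",
    "Ljava/net/HttpURLConnection;",
]

# Constructed benign manifest for comparison: a single location permission, no loader.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Return every permission name declared with <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def dynamic_loading_refs(class_refs: Iterable[str]) -> List[str]:
    """Return the class references that point at a runtime DEX loader."""
    return sorted(ref for ref in class_refs
                  if any(ind in ref for ind in DYNAMIC_LOAD_INDICATORS))


def triage(manifest_xml: str, class_refs: Iterable[str], min_categories: int = 3) -> dict:
    """Flag an app when it can reach several data categories AND loads code dynamically.

    min_categories is an assumed heuristic threshold for this example.
    """
    perms = requested_permissions(manifest_xml)
    categories = {SPY_PERMISSIONS[p] for p in perms if p in SPY_PERMISSIONS}
    loaders = dynamic_loading_refs(class_refs)
    return {
        "data_categories": sorted(categories),
        "dynamic_loading": loaders,
        "suspicious": len(categories) >= min_categories and bool(loaders),
    }


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest, SAMPLE_CLASS_REFS if label == "sample" else []))
```

Neither signal is conclusive on its own: many legitimate apps read contacts or location, and some use a class loader for plugins, so the script reports both findings and only marks the app suspicious when the broad data reach and the runtime loading coincide, which is the pairing the article attributes to these samples.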
