Google has removed four malicious Android applications from its official Play Store after security researchers from Lookout found them to be infected with spyware capable of stealing a “significant amount” of private data from a user’s infected device. The spyware, dubbed Overseer, is capable of gathering a host of sensitive user information, including a person’s name, phone number, email and contact history.
It could also steal a slew of device data such as its exact location, including latitude and longitude, network ID, free internal and external memory space, phone type, network owner, device and Android information, device IMEI, IMSI, MCC, MNC and details about installed packages.
“Overseer interested us for a few reasons. First, it focuses on foreign travelers, with the core functionality of looking for the embassies’ locations. For example, enterprise professionals could be influenced by Overseer if they had downloaded the Embassy application during business travel,” Lookout director Kristy Edwards and security analyst Michael Flossman wrote in a blog post published on 16 September.
While one of the infected applications discovered was an Embassy search tool designed to help travelers find embassies when abroad, the malware was also detected as a trojan in Russian and European news-related applications for Android.
The malware's command and control (CNC) server ran on Facebook’s Parse Server, which is hosted on Amazon Web Services. By using HTTPS and a CNC based in the US on the popular cloud service, the malware could essentially remain hidden, since its traffic appeared to be legitimate and was less likely to be recognized.
Lookout researchers did not specify how many downloads each infected application received or how many devices were estimated to have been infected. Google removed the malware-ridden applications from the Google Play Store after Lookout informed the company.