Government Spyware Company Spied On Hundreds Of Innocent People (Jan 30, 2020)
Security Without Borders researchers have analyzed more than 20 apps on the Google Play Store, targeting Italian individuals, that contained Exodus malware variants. Exodus is Android spyware capable of collecting a list of installed apps on the end user’s phone, browsing history, contact lists, text messages (including encrypted ones), location data and Wi-Fi passwords. The malware is distributed by malicious apps that masquerade as network tools. The apps were being used by law enforcement for surveillance of select individuals in espionage-focused operations; however, eSurv has reportedly been using the spyware against law-abiding individuals for reasons that have not yet been clarified.
Recommendation: All applications should be downloaded from official or trusted stores. This story shows that downloading apps from trusted sources is not always enough, because malicious apps sometimes make their way into official stores. It is advised to review an app before downloading it to see what permissions it is requesting; requests for additional permissions may indicate potential malicious intent. In addition, the exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Furthermore, identity theft services can assist in preventing actors from using stolen data to make illicit purchases or apply for financial services.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.
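The permission review recommended above can be partly automated for apps that present themselves as network tools. The following is an added example, not part of the original report: it reads a decoded AndroidManifest.xml as text and reports requested permissions that guard the data categories named in the story and fall outside a baseline for a network utility. The permission-to-category table, the baseline and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
# Assumed mapping from permissions to the data categories named in the story.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.READ_SMS": "text messages",
    "android.permission.RECEIVE_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "location data",
    "android.permission.ACCESS_COARSE_LOCATION": "location data",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browsing history",
}
# Assumed baseline for a network utility. Wi-Fi scanners can legitimately need
# location access; pass a wider `allowed` set when that is the case.
NETWORK_TOOL_BASELINE = frozenset({
    "android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE", "android.permission.CHANGE_WIFI_STATE",
})
# Constructed sample manifest (hypothetical package name), not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.nettool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    if "<!DOCTYPE" in manifest_xml:  # refuse entity definitions in untrusted input
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NAME) for el in root.iter() if el.tag in tags)
    return {n.strip() for n in names if n}

def audit_manifest(manifest_xml, allowed=NETWORK_TOOL_BASELINE):
    """Map each data category to the out-of-baseline permissions guarding it."""
    findings = {}
    for perm in sorted(requested_permissions(manifest_xml) - set(allowed)):
        if perm in SENSITIVE:
            findings.setdefault(SENSITIVE[perm], []).append(perm)
    return findings

if __name__ == "__main__":
    for category, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

Manifests inside an APK are stored as binary XML, so decode them first (for example with apktool) before passing the text in.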