Fake Android Privacy Tool is Really Malware
Last year, Bitdefender researchers uncovered a powerful piece of malware called Triout. This spyware became the “framework for building extensive surveillance capabilities into seemingly benign applications.” Unfortunately, Triout is back with new tactics, posing as the popular and legitimate privacy tool Psiphon.
More About Triout
Last year, users were duped into downloading the malware through a fake version of an adult app. The spyware hides its presence on a hacked Android device (smartphone, tablet, smart TV) and performs the following surveillance activities:
- Records phone calls
- Logs incoming text messages
- Takes pictures
- Records videos
- Collects GPS coordinates
Triout sends all of this personal data to its command and control (C&C) server. The malware uses the C&C to create a powerful network of infected devices to help steal, delete, or encrypt data, and carry out extortion schemes.
More About the Fake Version of Psiphon
Since last August, Triout has changed its tactics and disguised itself as the legitimate privacy app Psiphon, which is available on the Google Play store. The phoney malware version of the Psiphon app looks and functions just like the real deal.
Who is Affected?
How the attackers convince users to initially download the malware is still up in the air. Researchers believe it involves spear-phishing. According to ZDNet, it’s uncertain at this point how victims have been selected, targeted, and infected.
How to Stay Safe
Researchers believe that the campaign is still active and that the malware remains a powerful hacking tool. They recommend that users do all they can to avoid malware threats by 1) keeping their Android operating system updated and 2) only installing apps from official sources.
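For administrators who review the apps on managed devices, the sketch below combines the two points above: it flags apps that were not installed by Google Play and whose permissions cover several of the surveillance activities listed earlier. It is an added example, not code from Bitdefender or from the original article; the capability-to-permission mapping, the inventory format and the `com.example.*` package names are assumptions made for illustration.

```python
# Added example: triage an app inventory against the surveillance profile above.
PLAY_STORE_INSTALLER = "com.android.vending"  # installer package name of Google Play
P = "android.permission."

# Assumption of this example: Android permissions each listed activity would need.
CAPABILITY_PERMISSIONS = {
    "records phone calls": {P + "RECORD_AUDIO"},
    "logs incoming text messages": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "takes pictures / records videos": {P + "CAMERA"},
    "collects GPS coordinates": {P + "ACCESS_FINE_LOCATION",
                                 P + "ACCESS_COARSE_LOCATION"},
}

def matched_capabilities(permissions):
    """Return the listed activities an app could perform with its permissions."""
    granted = set(permissions)
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items()
                  if granted & needed)

def triage(inventory, min_capabilities=3):
    """Flag apps not installed by Google Play that cover several activities."""
    findings = []
    for app in inventory:
        caps = matched_capabilities(app["permissions"])
        sideloaded = app.get("installer") != PLAY_STORE_INSTALLER
        if sideloaded and len(caps) >= min_capabilities:
            findings.append({"package": app["package"],
                             "installer": app.get("installer"),
                             "capabilities": caps})
    return findings

# Constructed sample inventory (hypothetical packages, not real indicators).
SAMPLE_INVENTORY = [
    {"package": "com.example.vpnclient", "installer": PLAY_STORE_INSTALLER,
     "permissions": [P + "INTERNET"]},
    {"package": "com.example.vpnclient.copy", "installer": None,  # sideloaded
     "permissions": [P + "INTERNET", P + "RECORD_AUDIO", P + "RECEIVE_SMS",
                     P + "CAMERA", P + "ACCESS_FINE_LOCATION"]},
    {"package": "com.example.camera", "installer": PLAY_STORE_INSTALLER,
     "permissions": [P + "CAMERA", P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"]},
    {"package": "com.example.notes", "installer": None,
     "permissions": [P + "INTERNET"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding["package"], finding["installer"], finding["capabilities"])
```

A hit is a prompt to review the app rather than a verdict, since legitimate apps request the same permissions.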
Google has an Unwanted Software Policy to protect consumers, which states: “Software that violates these principles is potentially harmful to the user experience, and we will take steps to protect users from it.”
Google also published The Google Android Security Team’s Classifications for Potentially Harmful Applications, which is a good resource on the types of malware that pose a potential security risk to users or their data.