There's a new strain of malware in the wild

It is targeting Android devices and is disguised as an innocuous chat app.

Researchers at Trend Micro have discovered it in two different apps so far: Chatrious and the Apex App. Chatrious has since vanished from Google's Play Store, but at the time this piece was written, the Apex App was still available for download.

If you have either of these, you should delete them immediately.

It spies on you as soon as it is installed

In both strains unearthed so far, when a user downloads the app and launches it, the program will quietly connect to a command and control server. It will then begin rooting around in the device the app is installed on, collecting contact lists, text messages, call logs and any files stored locally on the device.

In addition to that, the malware can activate the device's microphone to create audio recordings to be sent to the command and control server, and it is capable of taking screenshots of anything displayed on the device.

Only targeting Android for now

The app has only been found on the Play Store at this point. However, an analysis of the code reveals that the person or group behind it has already built in hooks that would make it capable of attacking iOS and Windows-based machines. The researchers fear that this malware is at an early stage of development. What they found in the code points to this being the leading edge of a much larger and more widespread attack.

In addition to its being a potentially devastating piece of malware, the researchers indicated that this code would be perfect for conducting highly advanced cyberespionage campaigns, given that high-ranking corporate and government employees have such a wealth of information on their phones and almost always keep them close at hand. The ability to make recordings of things going on in the immediate vicinity of the infected device could lead to no end of trouble.

Our perspective

In any case, if you have either of the apps mentioned above installed on your phone, delete them immediately. Trend Micro has promised further updates about this latest malware threat as they get them.

 

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.