Researchers have uncovered a new strain of smartphone malware capable of recording phone calls and logging text messages without the owner’s knowledge and transmitting the data to a command and control server. Dubbed Triout, the malware was detected by cybersecurity firm Bitdefender’s machine learning algorithms in July 2018, and appears to originate in Russia. The bug was found inside a modified Sex Game for Adults app for phones running Google’s Android software.
The malware was first observed in an app, repackaged to look identical to a legitimate Android app called “Sex Game.” It was available in the Google Play store starting in 2016, but has since been removed. The package is called 208822308.apk
Bitdefender’s Cristofor Ochinca wrote in a report “The capabilities of Android malware are similar in complexity and surveillance capabilities to PC malware,”
The C&C server, which is a single, hardcoded IP address, to which the app sends the collected data has been operational since May 2018.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.