Researchers at Trend Micro have unearthed a cyber-espionage campaign targeting Android devices in the Middle East region. Called “bouncing golf,’’ the attack uses a malware called GolfSpy, with extensive cyber espionage potential. The tricky bit is that this malicious code is hidden deep inside revamped legitimate applications distributed through social media hosting websites. These apps pretend to be communication, news, lifestyle, book, and reference apps that are commonly used in the Middle East. Once executed on smartphones, GolfSpy generates a unique ID, collects targeted data and writes it to a file on the device.
The attack seems to have infected over 600 Android devices and the number is expected to increase. Researchers have said that the threat can steal information such as battery status, bookmarks/history of the device’s default browser, list of installed applications, contacts, current running processes, call logs, files on SD card, image/audio/video files on the device, SMS messages, storage/memory/connection/sensor information and other important data.
The malware also creates a socket connection to the remote C&C server to receive and perform additional commands.
“As we’ve seen in last year’s mobile threat landscape, we expect more cyber espionage campaigns targeting the mobile platform given its ubiquity, employing tried-and-tested techniques to lure unwitting users. The extent of information that these kinds of threats can steal is also significant, as it lets attackers virtually take over a compromised device,” Trend Micro said, in a statement.