A security researcher from ESET has announced that he has unearthed new Android-based spyware that is capable of accessing the Whatsapp database and features a host of surveillance features.
As reported by ZDNet, the spyware has been discovered on Github in a repository named “OwnMe.” It features a MainActivity.class that initiates a new service OwnMe.class, which, when activated, shows a popup “Service Started” to the targeted Android user.
Normally, a malware does not throw any popup when it starts functioning as the threat actors behind it want to be discreet. This suggests that the spyware is still in the development stage.
After the service is called, a startExploit() function starts, and the spyware establishes a connection to the server if internet access is available.
Spying backdoor or surveillance malware?
In two days I found two different Android spy families. This one with help of @CryptoInsaneSpies on:
-browsing history
-photos
-WhatsApp conversation db
-upload files
-contacts
-SMS
-battery status ?
IoC:D7AB404CE9660C696485F59B98710D8F pic.twitter.com/mlqvZxcxuE— Lukas Stefanko (@LukasStefanko) September 4, 2018
The spyware’s code has revealed that it features a host of surveillance related functions, but most of them including a screenshot function are incomplete as of now.
Another interesting function that caught the eyes of researchers is Whatsapp data function that compromises WhatsApp conversations.
The malware in question also has a function called getHistory() that collects titles, times, visits and URLs from the targeted users’ bookmarks. The function is limited to accessing bookmarks and cannot plunder browser history.
If the app in which the spyware has been secretly shipped is granted permissions to access contacts, it can also grab hold of names, numbers and entire call history as well.
Another startling discovery is that the spyware also features a function to access camera and gallery.
Whenever the infected device is rebooted, the malicious app containing the spyware will be started.
To much relief, the discovered spyware is in the development phase, and researchers will prevent it from spreading to Android devices.
