Security researchers warn of new Android crypto attack campaign
Security researchers have uncovered a new and dangerous Android hacking campaign, and this one is also highly inventive. Targeting a 12-word phrase, the SpyAgent malware disguises itself as one of 280 apps so far and uses optical character recognition technology during the devious attacks. Fall victim to a successful compromise, and it could be very costly as these hackers are after your money.
The Android SpyAgent Hack Employs Innovative New Attack Methodology
The McAfee Mobile Research Team recently identified more than 280 applications being used as launchpads for SpyAgent malware, which has been actively targeting Android users since the start of the year. These fake apps, pretending to be everything from banking to streaming utilities, will use distraction techniques such as “endless loading screens, unexpected redirects, or brief blank screens to hide their true activities,” report author SangRyol Ryu, said.
As it turns out, the true activity is to gather together all your SMS text messages, contacts and, importantly as I’ll come to momentarily, every image you have stored on your Android device. All of this data is then sent to a remote server where the clever, dangerous and ultimately potentially costly work begins.
These fake apps are usually the initial payload of a phishing campaign aimed at getting users to an apparently genuine but actually malicious website where they are tricked into making the download. The trickery doesn’t stop there, of course, as what they are downloading is an Android Package Kit file rather than a genuine app. When installed, this requests permissions to access SMS messages, contacts and data storage. Gaining access to your photos is the primary objective as these are then scanned using OCR technology, but don’t worry, the hackers aren’t after your private, nudge nudge, wink wink, images. What they are looking for is a mnemonic key.
What’s a mnemonic key, you ask? Simply put, this is a 12-word passphrase, although they can reach 24 words in total. A passphrase for what? Your cryptocurrency wallet, or rather the recovery of your crypto wallet. “This suggests a major emphasis on gaining entry to and possibly depleting the crypto assets of victims,” Ryu said.
Mitigating The SpyAgent Android Threat
We’ve been talking about SpyAgent as an Android threat, which is certainly what it is currently. However, Ryu said that the McAfee researcher have found an item that was labeled as “iPhone” within the admin panel code which suggests that the developers of the malware could be attempting to target iOS users in a future version. “While no direct evidence of an iOS-compatible version has been found yet,” Ryu said, “the possibility of its existence is genuine.”
Regardless, the mitigation is the same as always: stay aware of the phishing threat, only install apps from official app stores, don’t follow links in unsolicited emails or text messages, and don’t grant permissions for any app that appears excessive, unwarranted or intrusive in any way.
Google advises Android users to employ Google Play Protect To check both your apps and device for harmful behavior. While Google Play Protect is enabled by default, Google recommends that users check to ensure it hasn’t been disabled. To do this, open the Google Play app, tap your profile icon, tap settings, then ensure scan apps with Play Protect is toggled on.