Four Android apps on Google Play Store were infected with Overseer malware: Google doesn't take spyware-infected apps lightly, and in its latest action to cut down on spyware on Google Play Store, the Android maker has removed four apps from its store that were carrying the Overseer malware, it has been revealed.
The four apps that were removed by Google were reported to the company by the security company Lookout. Experts at Lookout spotted the Overseer-infected apps on Google Play Store and, as any responsible security expert or company would do, reported them to Google and had the apps removed for the security of users. According to Lookout, the four apps were effectively targeting foreign visitors. One of the infected apps was an embassy search tool that allowed travellers to find embassies in the country they were travelling in. Two other apps that were affected and removed were news apps.
In a blog post on its site, Lookout's experts have revealed that they have been interested in Overseer for quite some time now. One of the reasons was its target: foreign travellers. Next, Overseer's command and control server uses Facebook's Parse Server, hosted on Amazon Web Services. The primary reason for using Facebook and Amazon infrastructure is that it lets the spyware talk to its server over HTTPS to hosts that many legitimate apps also use, so the spyware's network traffic does not stand out and could present a challenge for traditional network-based IDS solutions to detect.
According to Lookout, current variants of Overseer spyware collect and exfiltrate a range of information about the infected device and its user. This includes the user's contacts, including name, phone number, email and times contacted; all user accounts on a compromised device; base station ID, latitude, longitude, network ID and location area code; names of installed packages, their permissions, and whether they were sideloaded; free internal and external memory; device IMEI, IMSI, MCC, MNC, phone type, network operator, network operator name, device manufacturer, device ID, device model, version of Android, Android ID, SDK level and build user; and whether the device has been rooted in one of several ways.
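As an added illustration (not Lookout's tooling or code from the article), the following Python script maps the data categories listed above to the Android permissions an app would need to declare in its manifest to reach them, and flags the categories that an embassy-search app has no plausible need for. The permission names are real Android ones; the category-to-permission mapping, the "unconditionally reachable" assumption (true for Android 6-era devices, which predate the package-visibility restrictions of Android 11), and the sample manifest are my own constructed assumptions.

```python
# Triage heuristic: which of the data categories attributed to Overseer could an
# app reach, given the <uses-permission> entries in its AndroidManifest.xml?
# Constructed example; permission names are real, the mapping is an assumption.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data category (as listed in the article) -> permissions that unlock it.
# An empty set means no permission was needed on Android 6-era devices, so the
# category is treated as reachable by any installed app.
CATEGORY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "user accounts": {"android.permission.GET_ACCOUNTS"},
    "cell location (base station id, LAC, lat/long)": {
        "android.permission.ACCESS_COARSE_LOCATION",
        "android.permission.ACCESS_FINE_LOCATION",
    },
    "device identifiers (IMEI, IMSI, phone type)": {
        "android.permission.READ_PHONE_STATE"},
    "installed packages / sideload status": set(),
    "free storage": set(),
    "root status": set(),
}

def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def reachable_categories(manifest_xml: str) -> set:
    """Categories from the article's list that the declared permissions allow."""
    perms = declared_permissions(manifest_xml)
    return {cat for cat, needed in CATEGORY_PERMISSIONS.items()
            if not needed or perms & needed}

def suspicious_for_embassy_finder(manifest_xml: str) -> set:
    """Reachable categories an embassy-search app has no plausible need for.
    Coarse location is expected for such an app; contacts, accounts and phone
    identity are not. Permission-free categories are not flagged here."""
    expected = {"cell location (base station id, LAC, lat/long)",
                "installed packages / sideload status", "free storage", "root status"}
    return reachable_categories(manifest_xml) - expected

# Constructed manifest for illustration, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.embassyfinder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""
```

Running `suspicious_for_embassy_finder(SAMPLE_MANIFEST)` on the constructed manifest reports contacts, user accounts and device identifiers, which is exactly the kind of mismatch between an app's stated purpose and its declared permissions that a reviewer would want to look at more closely.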