Android-based espionage campaign in the Middle East targets military data

Written by Jun 18, 2019 | CYBERSCOOP

A newly uncovered espionage campaign in the Middle East has infected more than 660 Android phones, and much of the stolen data appears to be “military-related,” researchers from cybersecurity company Trend Micro said Tuesday.


The malware in question is highly invasive, posing as popular news and lifestyle apps to suck up a target phone’s call logs and records, text messages, and storage and memory details, among other data. Attackers aren’t using the Google Play store, a sometimes popular receptacle for malicious apps. Instead, the host website for the malware is being promoted via social media channels, according to Trend Micro. One feature of the malware even allows the operator to take a photo from an infected phone when the device’s owner “wakes” it in locked mode.


Analysts did not pin the so-called “Bouncing Golf” spying operation on any group or person, but said the structure of the code used and the data targeted share similarities with a spying campaign reported last year by cybersecurity company Check Point. The prime suspect in that campaign was the Iranian government, Check Point said.


Whoever they are, the operators of the newly documented malware have looked to mask their origins. The contact information they used to register their malware-distributing domains is hidden, Trend Micro said. The IP addresses of their command-and-control server span France, Germany, Russia and other countries.


The researchers did not elaborate on the “military-related” data that was pilfered, other than to say it included images and documents. The limited scope of infected ..
