Researchers at Bitdefender have identified a new powerful Android spyware named ‘Triout.’ It can secretly record phone calls, collect pictures, videos, text messages and as well as GPS coordinates of the victims and send it back to attackers.
Triout has been active since May this year and is circulated through a fake Android app which was also available on the Google Play Store in 2016.
Even though the app has been removed from Play Store, a repackaged version of the app is still available from other sources and signed with an authentic Google Debug Certificate.
The spyware app has been designed and functions like its name suggest — Sex Game. But it stealthily turns the Android devices into a strong surveillance tool and sends stolen data back to servers that are controlled by attackers.
The researchers aren’t sure about the origins of the app or how many times it has been installed on phones, but they were most probably circulated through third-party Android app stores or app-sharing forums.
Analysis of the malware suggests that it came from Russia, but not necessarily built there. They also detected a lot of Israeli samples collected by the app hinting at massive scale surveillance and espionage campaign.
The most striking part is that the spyware is completely unobfuscated meaning that merely unpacking the .apk file would make the source code visible. It suggests that the framework may be a work-in-progress and maybe the creators are testing more features and compatibility with devices.
To prevent falling victim to Triout or similar malware, researchers urge users not to install applications other than those that come from the official store. They also advise users not to give unnecessary permissions that grant access to call logs, messages and media files.