Android Spyware Targets Government and Military Security Job Seekers

Rafia Shaikh
Posted Jun 2, 2016

A new Android spyware targeting security job seekers has been discovered by researchers. The campaign works in tandem with a job site that offers work for security personnel in government or military jobs.

Android spyware targets security job seekers

New Android spyware targeting government security job seekers has been detected in Saudi Arabia. In a report published this week, security researchers at McAfee claimed that the spyware is distributed using a private chat application and steals user contacts, SMS messages, and voice calls from the target devices. The stolen data is then forwarded to the attacker’s server, which is the same server that hosts a job site for government security positions. “The application code is of poor quality,” but the malware works efficiently, researchers wrote in a blog post.

The Android application being used to spread this malware is a chat app called Chat Private. Once it’s installed, the spyware application shows a screen with the network carrier and the user’s phone number. In the background, it gathers device information and personal data, including browser history and call logs, and sends them to the attacker’s server. The spyware also keeps monitoring incoming SMS messages and records incoming and outgoing voice calls in the background.

The report doesn’t specify whether it’s a working application, and a user is unlikely to download an app that doesn’t provide chat functionality and only shows a phone number. The security firm hasn’t shared a link to the spyware masquerading as an Android chat app, and a quick search on the Play Store didn’t turn up the app in question. Folks at SecurityWeek also failed to find any reference on the job site to the Chat Private app, and concluded that “unless distribution of the app is specifically targeted at government and military applicants, it seems to do little more than steal users’ private information and send it to a recruitment firm.” Given McAfee’s findings of poorly written code and the use of the open source call-recorder-for-android project found on GitHub, this could be the work of a malware author-in-training.


McAfee, however, maintains that while the motives are not clear, “considering the jobs that were being advertised on the site, the implications should not be underestimated.” The security research firm has reported the spyware targeting government job seekers to the Computer Emergency Response Team in Saudi Arabia for additional investigation.
