We continue with the Android security problems . Even though Google puts all its efforts into doing that your operating…
We continue with the Android security problems . Even though Google puts all its efforts into doing that your operating system and your app store are as safe as possible , it is clear that your filters are not perfect and that, from time to time, some smartass manages to deceive them and abuse the users. It is the case of the app Dardesh, a messaging app that, in the background and without the user’s knowledge, installs an app able to do everything, literally .
The app was detected by the guys from Lookout , who have baptized this “family of malware” as Desert Scorpion (desert scorpion). I imagine it will be because of their ability to dig and protect themselves under an exoskeleton, because it’s more or less what Dardesh did . The app was spread through a Facebook profile that published the link to the app constantly and that has reached infect several hundred devices.
How did it work? Dardesh, once installed, download a second application that camouflaged as a “Settings” app . This app was hidden to the user and, in the shade, he tracked his location, he recorded his calls , recorded the video and audio of its surroundings, downloaded and sent the files found in the internal storage to a third party server, accessed the SMS, contacts and account information, etc. A full-blown malware, without a doubt.
Apparently, as they report from Help Net Security , Lookout researchers believe that the members of the group APT-C-23 are behind the app . This is because the Facebook profile that published the link to Google Play also did a while ago with a link to Google Drive that hid a malware for Android that, effectively, is attributed to this same group. The app was focused on users in Palestine , although it has affected several users in the Middle East.
Fortunately, Google has already removed the Google Play Store app , so you can be calm. However, this again shows that always, always, you should always monitor what apps you download , your valuations and your developer. Whether something is on Google Play or on a trusted website does not mean it’s perfect!
Do you have Facebook installed? Get the best article of each day in our Page .