Hackers working for a surveillance company infected hundreds of people with several malicious Android apps that were hosted on the official Google Play Store for months, Motherboard has learned.
The spyware apps were discovered and studied in a joint investigation by researchers from Security Without Borders, a non-profit that often investigates threats against dissidents and human rights defenders, and Motherboard. The researchers published a detailed, technical report of their findings on Friday.“We identified previously unknown spyware apps being successfully uploaded on Google Play Store multiple times over the course of over two years. These apps would remain available on the Play Store for months and would eventually be re-uploaded,” the researchers wrote.
“These apps would remain available on the Play Store for months and would eventually be re-uploaded.”
At that point, the malware has access to most of the sensitive data on the infected phone, such as audio recordings of the phone’s surroundings, phone calls, browsing history, calendar information, geolocation, Facebook Messenger logs, WhatsApp chats, and text messages, among other data, according to the researchers.
Got a tip? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org. And you can reach Riccardo Coluccini securely on OTR chat at email@example.com, and firstname.lastname@example.org.
IS THIS ALL LEGAL?
The fact that the malware leaves the device vulnerable to other hackers is perhaps the worst element of Exodus, according to a police agent who has experience using spyware during investigations, and who asked to remain anonymous because he’s not allowed to speak to the press.
“Opening up security holes and leaving them available to anyone is crazy and senseless, even before being illegal.”