1 min read

Triout - Spyware Framework for Android with Extensive Surveillance Capabilities

Liviu ARSENE

August 20, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Triout - Spyware Framework for Android with Extensive Surveillance Capabilities

No operating system is safe from malware, as cyber criminals will always want to steal, spy or tamper with your data. The proliferation of Android devices – from smartphones to tablets and smart TVs – has opened up new possibilities for malware developers, as all these devices pack microphones, cameras and location-tracking hardware they can turn into the perfect spy tools.

Bitdefender researchers have identified a new Android spyware, dubbed Triout, which appears to act as a framework for building extensive surveillance capabilities into seemingly benign applications. Found bundled with a repackaged app, the spyware’s surveillance capabilities involve hiding its presence on the device, recording phone calls, logging incoming text messages, recoding videos, taking pictures and collecting GPS coordinates, then broadcasting all of that to an attacker-controlled C&C (command and control) server.

It’s interesting that Triout, which is detected by Bitdefender’s machine learning algorithms, was first submitted from Russia, and most scans/reports came from Israel. The sample’s first appearance seems to be May 15, 2018, when it was uploaded to VirusTotal, but it’s unclear how the tainted sample is disseminated. Third-party marketplaces or some other attacker-controlled domains are likely used to host the sample.

A subsequent investigation revealed that the spyware has the following capabilities:

  1. Records every phone call (literally the conversation as a media file), then sends it together with the caller id to the C&C (incall3.php and outcall3.php)
  2. Logs every incoming SMS message (SMS body and SMS sender) to C&C (script3.php)
  3. Has capability to hide self
  4. Can send all call logs (“content://call_log/calls”, info: callname, callnum, calldate, calltype, callduration) to C&C (calllog.php)
  5. Whenever the user snaps a picture, either with the front or rear camera, it gets sent to the C&C (uppc.php, fi npic.php orreqpic.php)
  6. Can send GPS coordinates to C&C (gps3.php)

The C&C server to which the application seems to be sending collected data appears to be operational, as of this writing, and running since May 2018.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Under Siege for Months: the Anatomy of an Industrial Espionage Operation Under Siege for Months: the Anatomy of an Industrial Espionage Operation
Alexandru MAXIMCIUCVictor VRABIE
1 min read
New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read