Security News > 2020 > December > Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.

In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.

This particular malware uses accessibility services in order to monitor a full list of messages on communications applications, including the Android Instagram app, Skype, Telegram, Viber and WhatsApp.

The malware also now includes various commands, such as the ability to receive commands from the command and control server that are sent by SMS: "In that case, the malware intercepts the received SMS and, if it starts with a predefined command header, the malware aborts further propagation of the SMS RECEIVED Intent," said researchers.

Another less-common Android command that the malware sports is the ability to add a custom Wi-Fi access point and to force the device to connect to it.

News URL

https://threatpost.com/rana-android-malware-updates-allow-whatsapp-telegram-im-snooping/161971/