Security News > 2020 > December > Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.
In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.
This particular malware uses accessibility services in order to monitor a full list of messages on communications applications, including the Android Instagram app, Skype, Telegram, Viber and WhatsApp.
The malware also now includes various commands, such as the ability to receive commands from the command and control server that are sent by SMS: "In that case, the malware intercepts the received SMS and, if it starts with a predefined command header, the malware aborts further propagation of the SMS RECEIVED Intent," said researchers.
Another less-common Android command that the malware sports is the ability to add a custom Wi-Fi access point and to force the device to connect to it.
News URL
https://threatpost.com/rana-android-malware-updates-allow-whatsapp-telegram-im-snooping/161971/
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)