Security News > 2020 > December > Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.
In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.
This particular malware uses accessibility services in order to monitor a full list of messages on communications applications, including the Android Instagram app, Skype, Telegram, Viber and WhatsApp.
The malware also now includes various commands, such as the ability to receive commands from the command and control server that are sent by SMS: "In that case, the malware intercepts the received SMS and, if it starts with a predefined command header, the malware aborts further propagation of the SMS RECEIVED Intent," said researchers.
Another less-common Android command that the malware sports is the ability to add a custom Wi-Fi access point and to force the device to connect to it.
News URL
https://threatpost.com/rana-android-malware-updates-allow-whatsapp-telegram-im-snooping/161971/
Related news
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links (source)