Security News > 2021 > January > Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.
Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable file.
Interestingly, the fake website of the Pakistan Citizen Portal was also prominently displayed in the form of a static image on the Trading Corporation of Pakistan website, potentially in an attempt to lure unsuspecting users into downloading the malware-laced app.
"The spying and covert surveillance capability of these modified Android apps highlight the dangers of spyware to smartphone users everywhere," Pankaj Kohli said.
"In the current Android ecosystem, apps are cryptographically signed as a way to certify the code originates with a legitimate source, tying the app to its developer," the researchers concluded.
"However, Android doesn't do a good job exposing to the end user when a signed app's certificate isn't legitimate or doesn't validate. As such, users have no easy way of knowing if an app was indeed published by its genuine developer."