Well-funded surveillance operation infected both iOS and Android devices

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2019/04/well-funded-surveillance-operation-infected-both-ios-and-android-devices/

By DAN GOODIN
Ars Technica
4/8/2019

Researchers recently discovered a well-funded mobile phone surveillance 
operation that was capable of surreptitiously stealing a variety of data from 
phones running both the iOS and Android operating systems. Researchers believe 
the malware is so-called "lawful intercept" software sold to law-enforcement 
and governments.

Exodus, as the malware for Android phones has been dubbed, was under 
development for at least five years. It was spread in apps disguised as service 
applications from Italian mobile operators. Exodus was hidden inside apps 
available on phishing websites and nearly 25 apps available in Google Play. In 
a report published two weeks ago, researchers at Security without Borders said 
Exodus infected phones estimated to be in the "several hundreds if not a 
thousand or more."

Exodus consisted of three distinct stages. The first was a small dropper that 
collected basic identifying information about the device, such as the IMEI and 
phone number, and sent it to a command-and-control server. A second stage was 
installed almost immediately after the researchers’ test phone was infected 
with the first stage and also reported to a control server. That led 
researchers to believe all phones infected with stage one are indiscriminately 
infected with later stages.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_