Malware specifically designed to steal private chat content on Android.

Dai Viet April 6, 2018 13:28

Android smartphones are becoming targets of a new type of malware that specializes in stealing users' private chat content on apps like Facebook Messenger, Skype, and others.

Discovered by experts from cybersecurity company Trustlook, this malware modifies the "/system/etc/install-recovery.sh" file inside applications, then immediately extracts data, even after the device has restarted.

Hackers are becoming increasingly rampant, spreading malware to smartphones.

After infecting the first application, Cloud Module, under the name com.android.boxa, this malware is now spreading throughout China. Trustlook warns that this malware is very difficult to detect, and can easily bypass Android's security layers.

The list of applications that may be affected by this malware includes Facebook Messenger, Twitter, Skype, Telegram, Tencent WeChat, Viber, Weibo, Voxer Walkie Talkie Messenger, Gruveo Magic Call, Line, Coco, BeeTalk, TalkBox Voice Messenger, and Momo.

The warnings also advise Android users to only install apps from Google Play. However, it's possible that devices could be infected with malware after downloading content from emails or third-party websites.

The data, once illegally collected, is extracted and sent to a remote server. Trustlook says this data-stealing malware is most likely being used for extortion.

Dai Viet