Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Exaspy, a New Android Spyware, Targets Execs

A new mobile spyware package called Exaspy has been uncovered. Its authors target high-value enterprise executives in a quest to gain access to all of the victim’s data.

Skycure found the commercial Android kit attacking executives and gaining access to chats and messages (both native and over-the-top, so SMS, MMS, Facebook Messenger, Google Hangouts, Skype, Gmail, native email client, Skype, Viber, WhatsApp and more); pictures, contact lists, calendars, browser history, call logs and more. It can also record phone calls and audio it captures in the background, and take secret screenshots of the device.

Monitor and transmit local files, such as photos and videos taken.

Execute shell commands, or spawn a reverse shell, which allows the app to elevate its privileges using exploits that are not included in the basic package.

The potential damage for an enterprise is wide and deep. Exaspy can collect confidential company information, which might include financial information, intellectual property, product information and stealth recordings of confidential meetings—and the attacker can use the threat of releasing or selling that information to blackmail the enterprise into paying large sums of money.

Exaspy masquerades as “Google Services,” which echoes a legitimate app entitled Google Play Services, and the user must download and install it. Phishing mails and the like are targeting methods. And Exaspy itself is available for hire, according to Skycure.

“We are entering a new era of mobile threats as Android spyware evolves to become a commodity product,” said Elisha Eshed, researcher at Skycure Research Labs, in a blog. “What that means is that you no longer need deep technical expertise to hack into someone’s mobile device. The spyware attackers need is now available online for easy purchase and use, similar to the tools available for running DDoS attacks against websites. This is a significant step in the evolution of mobile malware, and one which will make proactive mobile threat defense for IT that much more crucial.”

Photo © wavebreakmedia

What’s Hot on Infosecurity Magazine?