Currently this malware is targeting Brazilian banks, and one of its functions centers on stealing the Credit Card details of its victims. This malware is capable of targeting users of Brazilian banks and attempts to steal their Credit Card details by showing them phishing pages. While details would vary, all of the identified copies of this spyware shared a similar disguise. While viruses can potentially destroy a computer’s data, most of the widespread viruses have leaned more toward annoyance. It is more of a restrictive app than a spying app. Exodus One checks in by sending a POST request containing the app package name, the device IMEI and an encrypted body containing additional device information. Considering that this malware contains abilities to receive and execute commands, and the fact that one of the commands is to DDOS a target, there is a possibility that this malware can be operated as a botnet.

Additionally, this malware can execute commands sent by an attacker and spy on its victims, and finally it also has ransomware (which did not work for us) and DDOS components. How To Find Hidden Spyware on Android Phones in 2019 contains a ransomware component, but this did not work for us during our time analyzing this threat. Researchers from Russian antivirus maker Doctor Web found multiple apps on Google Play posing as games that delivered malware downloaders. We identified previously unknown spyware apps being successfully uploaded on Google Play Store multiple times over the course of more than two years. For any of these signs to represent a risk of spy apps being installed on your cell phone, it would require a combination of them starting to appear suddenly; one symptom alone would not be enough to raise any doubts. According to publicly available statistics, as well as confirmation from Google, most of these apps collected a few dozen installations each, with one case reaching over 350. All of the victims are located in Italy. According to Google, whom we contacted to alert them about our discoveries, nearly 25 variants of this spyware were uploaded on Google Play Store. Both the Google Play Store pages and the decoys of the malicious apps are in Italian.

All of the Play Store pages we identified and all of the decoys of the apps themselves are written in Italian. However, the persistent presence of the Italian language, both on the Google Play Store pages as well as inside the spyware code, was a clear sign that an Italian actor was behind the creation of this platform. The purpose of Exodus One seems to be to collect some basic identifying information about the device (namely the IMEI code and the phone number) and send it to the Command & Control server. Spy Premium is one of the best and most popular software out there to spy on cell phones. The Zip archive returned by the check-in performed by Exodus One is a collection of files including the primary payload mike.jar and several compiled utilities that serve different functions. All your files have been encrypted, and if payment is not made in BTC within the stipulated period, all your files will be deleted permanently. Additionally, during a period of several days, our infected test device was never remotely disinfected by the operators.

Instances of this spyware were found on the Google Play Store, disguised as service applications from mobile operators. In most cases they would be crafted to appear as applications distributed by unspecified mobile operators in Italy. This suggests that the operators of the Command & Control are not enforcing a validation of the targets. Worryingly, some of the modifications enforced by the spyware might expose the infected devices to further compromise or data tampering.