The infected apps, containing the spyware, harvested information about the infected devices and their users.
Google has removed four Android apps from Play Store after security researchers discovered that the apps were infected with a spyware Trojan.
The infected apps, containing the spyware, harvested information about the infected devices and their users. Based on the information retrieved by researchers from Lookout, it seems someone was targeting tourists and businessmen.
Out of the four, three were related to new, from a developer named RSS News. Two of the three news apps showed news items related to Russia, and the third one had news on European issues.
After a technical analysis, it was revealed that these apps contained a spyware named Overseer, which communicates with a remote command and control server located on Amazon AWS.
Though all communications appear encrypted, researchers found traces of malicious behaviour in the source code of these apps. Some of the collected data included details about the device including IMEI number, device ID, network operator name and much more.
The Overseer spyware also collected data related to the phone’s contact list, a list of user accounts on the infected device, currently installed apps, and even location area code.
The data collection process is so through that the spyware collects even the tiniest amount of data.