SpyDealer exfiltrates all of a user's data by abusing the Android accessibility service feature, and it uses exploits from a commercial rooting app to gain root access on the targeted Android device for data theft.
SpyDealer exfiltrates data from apps like WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
SpyDealer performs very sophisticated hijacking attacks against infected users, and it also takes advantage of rooting applications such as “Baidu Easy Root” and gains root access on the targeted victims' devices.
Once SpyDealer is successfully installed on an Android mobile device, it automatically hides its icon on the infected device. It has two broadcast receivers, which listen for events such as device boot-up and network connection status.
The initial infection vector of the SpyDealer malware has not yet been identified, but Palo Alto believes that the initial infection would be through a compromised wireless network.
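For defenders triaging a suspicious APK, the combination described above (receivers for boot-up and network status, plus an accessibility service) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the original article or from the malware analysis. It assumes the standard Android action and permission names shown in the constants, and the manifest in it is constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the behaviours in the text to standard Android names.
BOOT = "android.intent.action.BOOT_COMPLETED"
NET = "android.net.conn.CONNECTIVITY_CHANGE"
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (not taken from any real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".NetReceiver">
      <intent-filter>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def receiver_actions(root):
    """Map each <receiver> name to the set of intent actions it listens for."""
    out = {}
    for rcv in root.iter("receiver"):
        name = rcv.get(ANDROID_NS + "name", "?")
        out[name] = {a.get(ANDROID_NS + "name") for a in rcv.iter("action")}
    return out

def triage(manifest_xml):
    """Return review flags for the boot/network/accessibility combination."""
    root = ET.fromstring(manifest_xml)
    actions = set().union(*receiver_actions(root).values())
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == A11Y_PERM]
    flags = {"boot_receiver": BOOT in actions,
             "network_receiver": NET in actions,
             "accessibility_service": bool(a11y)}
    flags["review"] = all(flags.values())
    return flags

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Many legitimate apps declare one or more of these components, so a `review` flag marks a manifest for closer inspection and is not a verdict.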
from E Hacking News - Latest Hacker News and IT Security News http://ift.tt/2uII985