Technology 2 min read

New Android Malware 'Triout' can Secretly Record Phone Interactions

Asif Islam / Shutterstock.com

Asif Islam / Shutterstock.com

Researchers have identified a new strain of Android malware that discreetly records phone calls and GPS locations.

The Android malware dubbed as Triout is reportedly capable of logging text messages and recording phone calls without the knowledge or permission of the mobile phone owner.

According to security experts, the recorded phone interactions are then transmitted to an unknown command and control center.

The intrusive malware was discovered by cybersecurity analysts from Bitdefender a month ago. However, the researchers said that some signs of its activities date back as far as mid-May when it was initially uploaded on the website VirusTotal in Russia. Other samples were said to be uploaded from an Israeli IP.

Bitdefender said that the samples they found were posing as clones of legitimate applications. But, the firm was not able to identify where the malicious app was being distributed from. At the moment, the researchers’ best guess was via app-sharing forum sites or a third-party Android application store, both of which are popular in some parts of the world.

Read More: Facebook Shuts Down Hundreds of Fake Pages Related to Russia and Iran

As per Bitdefender’s investigation, some of Triout’s capabilities include:

  1. Recording every phone call (literally the conversation as a media file), then sends it together with the caller id to the C&C (incall3.php and outcall3.php)
  2. Logging every incoming SMS message (SMS body and SMS sender) to C&C (script3.php)
  3. Has the capability to hide self
  4. Can send all call logs (“content://call_log/calls”, info: callname, callnum, calldate, calltype, callduration) to C&C (calllog.php)
  5. Whenever the user snaps a picture, either with the front or rear camera, it gets sent to the C&C (uppc.php, fi npic.php orreqpic.php)
  6. Can send GPS coordinates to C&C (gps3.php)

Triout can also hide itself. However, Bitdefender notes that the tainted code which comes in a package known as 208822308.apk is readable, an apparent suggestion that it is potentially an experimental version.

“What’s striking about the sample is that it’s completely unobfuscated, meaning that simply by unpacking the .apk file, full access to the source code becomes available. This could suggest the framework may be a work-in-progress, with developers testing features and compatibility with devices,” Bitdefender wrote.

How do you protect your mobile devices from being infected by malicious applications?

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Chelle Fuertes know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.

Comments (0)
Most Recent most recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.