Google Pulls Four Overseer Spyware Infected Apps From The Play Store

Google has removed four apps on its Android Play Store, which were found to be infected with spyware capable of stealing device and user data.

The infected apps were spotted by security researchers from Lookout, which found a piece of spyware, dubbed Overseer, lurking behind the apps.

The spyware is capable of harvesting a user’s name, phone number, email and contact history, as well as a host of data from the smartphone, including its location area code, the version of Android it is running, its user build and whether the device has been rooted.

Overseer spyware

Lookout noted that the spyware is particularly interesting because it appears to have been used to target foreign travelers: Overseer was found in one app aimed at guiding travelers to their nation’s embassy when abroad, and in a Russian and European news app.

The researchers also pointed out that the spyware was communicating with a command and control centre using Facebook’s open source Parse Server hosted on the Amazon Web Services cloud. Because it uses HTTPS and a server based in the US, Lookout noted, the data flowing from the apps to the command centre appears legitimate, making it less likely to be blocked and investigated.

“Devices infected with Overseer periodically beacon to the api.parse.com domain, checking whether there are any outstanding commands the attacker wants to run,” Lookout said, explaining how the spyware removed data from the infected devices.

“Depending on the response, the malware is capable of exfiltrating a significant amount of information from an infected device. These communications are all encrypted over the wire, which hides the traffic from network security solutions.”
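Because the payload is encrypted and the destination is a legitimate cloud API, what remains visible to a defender is connection metadata. The sketch below is an added example, not code from Lookout or this article: it flags device and app pairs that contact api.parse.com at near-constant intervals. The record layout, package names, timings and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch seconds, device id, app package, TLS SNI host).
# Package names and timings are invented for illustration.
FLOWS = (
    [(1000 + 900 * i + j, "dev-a", "com.example.embassyfinder", "api.parse.com")
     for i, j in enumerate([0, 4, -3, 2, 5, -1])]
    + [(t, "dev-b", "com.example.game", "api.parse.com")
       for t in (1010, 1040, 2900, 2960, 7100, 7105)]
    + [(1000 + 900 * i, "dev-a", "com.example.mail", "mail.example.net")
       for i in range(6)]
)


def find_beacons(flows, host="api.parse.com", min_events=5, max_cv=0.1):
    """Return {(device, app): mean interval in seconds} for regular callers of host."""
    times = defaultdict(list)
    for ts, device, app, sni in flows:
        if sni == host:
            times[(device, app)].append(ts)

    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means a near-constant polling interval.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = round(avg)
    return hits


if __name__ == "__main__":
    for (device, app), interval in find_beacons(FLOWS).items():
        print(f"{device} {app}: about every {interval}s")
```

A hit is a triage lead rather than a verdict, since legitimate Parse-backed apps may also poll on a timer; the value is in narrowing which app on which device to inspect.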

When Lookout notified Google of the threats, the search company rapidly removed the apps.

Mobile malware is a growing threat, as evidenced by the 85 million Android devices infected by the HummingBad malware. And Android malware seems to be adept at mimicking legitimate apps, such as WhatsApp and Uber.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
