Spy Malware on the Google Play Store


Security researchers have discovered several applications infected with the Exodus spyware in the official Google Play Store. The applications were disguised as service applications.

Once again, infected apps have made their way into the Google Play Store. Security researchers from the "Security Without Borders" platform have uncovered a number of Android applications containing the Exodus spyware. The applications were successfully uploaded to the store several times over a period of more than two years. Disguised as service applications from mobile operators, the spyware primarily targeted Italian users.

In total, almost 25 Exodus variants are said to have made it into the Play Store. The security researchers can only estimate how often the infected applications were downloaded, but several hundred or even thousands of installations are quite possible. Google has since removed all variants of the malicious software.

The spyware applications collect device information at startup and upload it to a command-and-control server for validation purposes. A zip file containing the actual malware is then downloaded to the device and installed. This gives attackers access to phone calls, browsing history, calendar information, geolocation, Facebook Messenger records, WhatsApp chats, text messages and the like. In addition, the malware allows external control of the device.

Hack by state agency

According to investigations by Security Without Borders, Exodus can be traced back to the Italian surveillance firm eSurv. The Exodus spyware communicates with the ISP's servers. eSurv, in turn, is said to maintain ties with the Italian government, as reported by the security portal Motherboard.

This is not the first time malicious software has spread through the Play Store for months. Although Google tries to keep its platform clean with Google Play Protect and other solutions, in practice harmful or dubious content keeps making it into the official store. Recently, ad fraud cases in various Cheetah Mobile apps have caused a stir.

