Off-the-shelf Android spyware targets high-level executives
The increasing commoditization of malware means that you no longer need to be a technical expert to launch an attack. You can simply buy the tools off the shelf.
Researchers at Skycure Research Labs have uncovered just such an off-the-peg spyware attack targeting senior company executives.
The app, called Exaspy, is a commercial Android spyware package that gives an attacker access to much of the victim's data. It was found on an Android device belonging to the vice president of a global technology company.
The software disguises itself as an app called 'Google Services' and uses the package name 'com.android.protect'. This is an attempt to imitate Google Play Services, a popular suite of APIs that Android developers can use to enrich their apps (push notifications, maps, etc.).
Once installed, it grants itself root access and hides its main process from the launcher, making it harder to uninstall. It can then monitor local files, such as photos and videos taken, and transmit them to its C&C server. It can also execute shell commands or spawn a reverse shell, which allows the app to elevate its privileges using exploits that are not included in the basic package.
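As an added example (not from Skycure or the original article), the following sketch shows how a defender might triage an installed-app inventory for the disguise described above: the reported package name, and a Google-branded label on a package outside Google's namespaces. The inventory fields, the trusted prefixes and the sample records are assumptions constructed for illustration.

```python
# Added example: triage an installed-app inventory for the disguise this article describes.
# The inventory records below are constructed sample data, not real device output.

IOC_PACKAGES = {"com.android.protect"}            # package name reported in the article
# Assumption: namespaces treated as genuine Google publishers in this fleet.
TRUSTED_PREFIXES = ("com.google.", "com.android.vending")
BRAND_WORDS = {"google"}                          # label words that imply a Google app


def assess(app):
    """Return a list of reasons why one inventory record looks suspicious."""
    reasons = []
    package = app["package"].strip().lower()
    label_words = set(app["label"].lower().split())
    if package in IOC_PACKAGES:
        reasons.append("package name matches reported Exaspy indicator")
    if label_words & BRAND_WORDS and not package.startswith(TRUSTED_PREFIXES):
        reasons.append("label claims Google branding from a non-Google namespace")
        # A branded app that also hides its icon is harder to notice and remove.
        if not app.get("launcher_icon", True):
            reasons.append("branded app has no launcher icon")
    return reasons


def triage(inventory):
    """Map package name -> reasons, for every record with at least one finding."""
    findings = {}
    for app in inventory:
        reasons = assess(app)
        if reasons:
            findings[app["package"]] = reasons
    return findings


# Constructed inventory, e.g. what an MDM export might be reduced to (hypothetical fields).
SAMPLE_INVENTORY = [
    {"package": "com.google.android.gms", "label": "Google Play services", "launcher_icon": False},
    {"package": "com.android.protect", "label": "Google Services", "launcher_icon": False},
    {"package": "com.example.notes", "label": "Notes", "launcher_icon": True},
    {"package": "com.example.gsync", "label": "Google Sync Helper", "launcher_icon": True},
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_INVENTORY).items():
        print(package, "->", "; ".join(reasons))
```

The namespace rule is a heuristic: a match on it is a prompt to inspect the app's signer and install source, not proof of compromise.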
For enterprises, this means it could collect confidential company information, which might include financial details, intellectual property, product information, stealth recordings of confidential meetings, and more. This in turn could lead to attempts to blackmail the enterprise into paying large sums of money to prevent the information obtained from being leaked.
You can find out more, including technical details of the threat and how to protect yourself, on the Skycure blog.