We like many things Italian–leather and pizza are on top of the list. Definitely, the Italian Android spyware isn’t something we appreciate. The Security Without Borders recently discovered a new spyware platform that has been collecting data since 2016. The group already alerted Google so the apps have since been pulled out. One example is the ‘Assistenza Linea’ as one of the many decoy apps found on the Google Play Store. This occurrence isn’t exactly new. We’ve noted a few different types of malware but this is different.
Google and Android developers continue to fight spammy and malicious apps. Earlier this year, Trend Micro reported Anubis-related malware apps. This time, the malicious apps were in Italian so you won’t know right away that something is wrong.
Several apps discovered have been downloaded and installed unwittingly by mobile users. Most of them were disguised as service apps so you wouldn’t really think something was wrong.
Security Without Borders believes eSurv, an Italian company, was the source of the spyware platform. The researchers called the spyware ‘Exodus’ for easy reference. They noted the apps were making some modifications that could expose infected phones. Data tampering and other related compromise were noted to be possible
This spyware wore a disguise on Google Play Store so people weren’t aware of the apps’ potential to harm the people. The apps were identified to have been recommended via a text message with links to the Play Store page.
About 25 variants of the spyware were uploaded on the Play Store. They’re gone now, thanks to Google’s detection. Google Play Protect will continue to check the app store and other devices. There is no report on how many phones or users were affected but more than 350 installations were said to be have been collected through the Google Play Store.