There's no point in arguing that Google's Android Operating System is one of the most widely used software of this generation. Aside from the iOS and the defunct Windows platform, Android gathers a north of two billion devices, and the numbers will keep on coming as long as the Search Engine giant can keep up with the pace of its users.
The OS, however, is far from perfect, and its vulnerability has been a staple fact for years. Viruses and malware can easily penetrate the little green guy, but Google is also quick in countering these suspicious worms. Now, a new malware has been discovered on several Google Play apps. Multiple sources are now reporting on this and issuing a warning to Android users to be vigilant when downloading new apps from the virtual marketplace.
Express UK said that the new strain of spyware was first discovered by Security Without Borders who dubbed the virus as Exodus. Researchers spotted Exodus on almost 25 Google Play apps and added that it has two stages: Exodus One and Exodus Two. The spyware is said to be "disguised as service applications from mobile operators" and they believe that it was developed by Italian firm eSurv who, in 2016, began working on intrusion software.
Exodus is capable of "extensive collection and interception capabilities" that could further inflict harm and data tampering. It can, among others, collect basic information about the devices such as the IMEI and the phone number and sends it to a Command and Control server.
Another source explained that Exodus can also root devices using DirtyCOW. Along with this line, the spyware can also retrieve passwords, chat logs, contact information and "create local audio and video recordings." While recently updated devices are somewhat immune to these, Exodus can still exploit them through uninformed data gathering.
Express UK added that after Exodus was seen on the Android platform last month, the spyware has now made its way to infect iOS devices. According to IT overseer Lookout, the iOS versions were made available through phishing sites after Apple's Developer Enterprise programme was "abused." Apple was already informed by Lookout and said that users are safe as long as their devices are up-to-date.
Security Without Borders has already contacted Google about Exodus following its discovery. Since then, Google Play was able to take down the 15 malicious apps. They also said that Google Play Protect will, in the future, be able to detect "future variants of these applications" now that they are using "enhanced detection models."
