How SpyDealer Malware hacks your Facebook, WhatsApp, Web Browser, and other Android apps

A few days ago I told you about the CopyCat malware for Android smartphone that infected about 14 million devices and the malware authors earned about $1.5 million via fraudulent ads.

Now, the security researchers at Palo Alto Network have identified a malware that has the power to hack 40 or more social media accounts.

Before going ahead and tell you the details of the malware, let me inform you that this malware, called SpyDealer, affects only the Android versions between 4.4 KitKat and 2.2 Froyo. These users account for about 25% of the total Android users, i.e., 500 million.


What does SpyDealer malware do?

SpyDealer has advanced capabilities like exfiltrating data private data from more than 40 popular apps. The list of the targeted apps includes the following:

WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk

SpyDealer malware abuses the Android Accessibility Service feature for stealing sensitive messages from the above-mentioned communication applications. This malware also puts your personal information like phone number, IMEI, SMS, contacts, call history, WiFi information, etc. The malware abuses the popular Baidu Easy Root app to gain root privileges.

That’s not all. The SpyDealer malware also has the capability to remotely control the device via UDP, TCP, and SMS channels. As SpyDealer has complete control over the device, it can record calls, take photos and monitor the device location.

According to the Palo Alto Network researchers, the malware hasn’t been able to penetrate Play Store and use it as a distribution channel. They suspect that the malware initially spread via compromised wireless networks of the Chinese users.

As per latest data, SpyDealer’s 1046 samples have been identified and it’s still under active development.