Exodus collects personal information and roots Android devices to enhance its spying feature
A terrifying new malware is doing the rounds on Android and iOS devices. The malware, dubbed Exodus, can steal personal data from your device.
The virus was discovered on an Android smartphone by information security researchers from Security Without Borders. The group of cybersecurity researchers reportedly found the malware on the Google Play Store, where it infected over 20 applications.
Researchers at Security Without Borders wrote: “We identified previously unknown spyware apps being successfully uploaded on Google Play Store multiple times over the course of over two years. These apps would remain available on the Play Store for months and would eventually be re-uploaded.”
Exodus collects personal information and roots Android devices to enhance its spying feature. Once this malware infects an app, it collects basic details like phone number and IMEI number. Users’ personal data is then sent to a control server, which launches multiple binary packages that help track the device. Lastly, a programme called DirtyCOW attempts root access, giving the spyware the ability to collect any data stored on the phone, including chat logs, contacts, photos and passwords.
Security Without Borders also listed some of Exodus’ data collection and exfiltration capabilities:
Exodus can retrieve all sorts of data, including a list of installed applications, SMS messages, media exchanged through WhatsApp, and browsing history and bookmarks from Chrome and SBrowser.
The spyware can also extract events from the Calendar app, the contact lists from the Facebook app, logs from conversations on Facebook’s Messenger app, call logs, WhatsApp logs, the address book, information from the Gmail app, information on pictures from the Gallery, data from the WeChat app, current GPS coordinates of the phone, the Wi-Fi network’s password, messages and the encryption key from the Telegram app, and contacts and messages from the Skype app.
Exodus also records surroundings using the built-in microphone, as well as phone calls’ audio in 3gp format.
The malware can also take pictures with the embedded camera, collect information on surrounding cellular towers (BTS), take a screenshot of any app in the foreground and dump data from the IMO Messenger app and Viber messenger app.
Security Without Borders also discovered an iOS variant of the spyware. On iOS, the attacker hid the malware in Apple’s Developer Enterprise programme. While Exodus has only affected a small number of users, it is advisable to stay away from dodgy apps and be wary of new apps you download on your handset.