Your private messages, location, and other sensitive information may be targeted by an advanced Android malware called “SpyDealer”. The malware, which was discovered by cyber-security company Palo Alto Networks, extracts data from more than 40 apps, and it targets some of the most popular social apps and browsers. These include WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
To make the intrusion even scarier, aside from information such as accounts, messages, location, and contacts, SpyDealer can also record private calls, take photos and screenshots, and track the location of your phone.
The malware uses a commercial rooting app “Baidu Easy Root” to gain access to private information. According to Palo Alto Networks, it is still unknown how devices were initially infected with the malware, but there is evidence that suggests that users in China became infected through compromised wireless networks.
The malware is not as potent as it sounds. SpyDealer is effective against a quarter of all active Android devices: those running versions between 2.2 and 4.4. On devices running later versions of Android, it can still steal significant amounts of information, but it cannot take actions that require higher privileges. Still, the analysis shows that SpyDealer is currently under active development and that there are three versions of the malware in the wild.
Palo Alto Networks noted that the malware has not been distributed through the Google Play Store. Google has announced that they have already taken precautions against the infestation through Google Play Protect.