The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post. Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.
“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.
Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more
