Android smartphone users are used to being told that their devices are vulnerable, but now a new series of digital horrors has sprung up in Pakistan, according to Sophos Labs.
Apps that look legitimate and are, apparently, official Government apps are being taken over by bad guys. These include a modified version of the Pakistan Citizen Portal app, Pakistan Salat Time (the Muslim prayer clock), the Mobile Packages Pakistan app (a price comparison app), an insurance company app and a tool that can check a phone’s SIM card for validity.
The apps look completely normal and carry out the functions that they are meant to. The difference is that the virus inside carries out its work too. And that work is harvesting and exporting the data on the phone, from location data to photos, from messages to sensitive passport information and more.
The attacks on Pakistan are clever. The apps are hosted on sites that are not Google Play but are almost identical and have even received security certificates. Also, the initial download does not contain the full armoury of malware. That is quietly downloaded after the app has been installed.
The one clue that will help is the level of access that the app asks for, which is far more than simply location data or photos and includes access to the very heart of the machine.
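The access check described above can be scripted against an app's decoded AndroidManifest.xml. This is an added example, not code from Sophos or the original article; the manifest, the package name and the grouping of permissions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permission names, grouped by the data they expose.
# The grouping itself is an assumption made for this example.
SENSITIVE = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call log": {"android.permission.READ_CALL_LOG"},
    "photos/storage": {"android.permission.READ_EXTERNAL_STORAGE"},
    "microphone": {"android.permission.RECORD_AUDIO"},
}

# Constructed manifest for a hypothetical prayer-time app (not a real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.prayertimes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def excess_access(manifest_xml, expected_groups):
    """Map each sensitive group the app requests but has no stated need for
    to the permissions that triggered it."""
    perms = requested_permissions(manifest_xml)
    findings = {}
    for group, names in SENSITIVE.items():
        hits = sorted(perms & names)
        if hits and group not in expected_groups:
            findings[group] = hits
    return findings

if __name__ == "__main__":
    # A prayer clock plausibly needs location; everything else is a red flag.
    for group, hits in excess_access(SAMPLE_MANIFEST, {"location"}).items():
        print(f"unexpected access to {group}: {', '.join(hits)}")
```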
The Pakistan-focused spyware is also under active development and Sophos has found test apps in a variety of places.
The advice from Sophos is to download apps only from a trusted source, such as Google Play, and to make sure that Android users have antivirus software installed, such as Sophos’s own.
While hacking, malware, ransomware and the rest are nothing new, this new menace demonstrates just how sophisticated, stealthy and subtle hackers have become.
Hackers also leave people scratching their heads, not because of the sophistication of attacks such as this Pakistan one, but mainly because most attacks trigger a bigger question.