Android users now face another threat from a newly discovered malware campaign. Dubbed ‘Bouncing Golf’ by the researchers, the campaign actively targets Android devices, particularly in the Middle East. It infects Android devices with ‘GolfSpy’ malware, which carries out cyberespionage activities.
Android Targeted By Bouncing Golf Malware:
Researchers from Trend Micro have revealed an ongoing malware campaign targeting Android users. The Bouncing Golf campaign is presently targeting Middle Eastern countries for cyberespionage purposes. The campaign involves infecting devices with ‘GolfSpy’ malware that pilfers data from the target device and spies on users’ activities.
As elaborated by Trend Micro in their blog post, the malware campaign works by maliciously repackaging known apps. These apps are not available on the Google Play Store or any other marketplace. Rather, the campaign markets these apps separately on social media by promoting the website hosting the apps.
Upon reaching the user’s device, the apps deliver the malware “AndroidOS_GolfSpy.HRX”, which has cyberespionage capabilities. The malware then collects information from the device and sends it to a C&C server in encrypted form. Moreover, the malware also receives commands from a remote server to execute further actions.
WORKING OF GOLFSPY:
After it is launched, GolfSpy will generate a unique ID for the affected device and then collect its data such as SMS, contact list, location, and accounts in this format: “%,,time”. The information is written into a file on the device. The attacker can choose the data types to collect, which are written in a certain format.
Besides collecting information, the malware also spies on user activities by monitoring and recording phone calls. It also takes users’ photos through the front camera whenever the user wakes the device.