Google Play again used to host malware-laden apps; this time, Overseer

Once installed, Overseer would steal a laundry list of personal information.

Google Play continues to be a playground for cybercriminals, with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

Once installed, Overseer would steal a laundry list of personal information, including the user's name, cell number, email address and contacts, the victim's exact location, network ID, internal and external memory, phone type, permissions and more, wrote Michael Flossman and Kristy Edwards, researchers with Lookout Security, in a blog post.

The apps in question included an embassy finder that targeted foreign travelers and what were most likely fake news apps developed specifically to spread Overseer.

One reason the malware caught the researchers' attention is that it uses Facebook's Parse Server, hosted on Amazon Web Services, for command and control purposes.

“This allows it to remain hidden because it doesn't cause Overseer's network traffic to stand out and could potentially present a challenge for traditional network-based IDS solutions to detect,” the researchers said.
