Symantec has discovered a new mobile spyware it is calling Android.Spywaller that uses a legitimate security tool to spoof its way onto a device, specifically those in the Chinese market.
Symantec said the spyware poses as a Google Services app and “uses an embedded copy of a legitimate security tool to compromise other security protection tools that could be used to defend against it.”
This helps entice victims because official Google services, like Google Play, are unavailable in China. The spyware then releases its payload containing malware into the device's memory.
The spyware then attempts to root the device and collect personal information along with call logs, SMS, images, emails and browser data, which is sent to the spyware's server.
Symantec noted that infection rates remain low, but the spyware is important as it reflects a hackers ability to use legitimate software for malicious purposes.