A new mobile Remote Access Trojan (RAT) named CallerSpy is targeting Android devices, according to information from TrendMicro. CallerSpy collects personal information such as call logs, SMS text messages, contacts, and files on the device through the use of Evernote’s Android-Job. This library is used to schedule jobs, which will run concurrently in the background. Additionally, this RAT has the ability to receive commands from its Command and Control (C2) server in order to take screenshots, record the environment, upload data, and update the RAT configuration. The malware distribution site gooogle[.]press mimics Google in order to trick users into downloading the app.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for