Researchers have identified a new malware campaign that is currently targeting Middle Eastern Android device users. The campaign has been named “ViceLeaker” and delivers its malware payload in APK files through messenger applications such as Telegram and WhatsApp. The payload acts as spyware designed to extract all available data from the user’s infected device. It is surmised that the campaign is currently targeted at the Middle East, since all samples have been found on the devices of Android users in Israel. On top of the spyware capabilities that exfiltrate the victim’s call logs, SMS messages, and social media information, the samples found also have a backdoor function that would allow attackers complete access to the infected device. The malware uses HTTP to send the copied data back to its command and control server. It is currently unclear when or if the US will be targeted, but it is very likely. Currently, the ViceLeaker operation is going strong, and the attackers appear to be looking for ways to expand it.