Triout- A Malware Framework That Turns Android Apps Into Spyware

Triout- A Malware Framework That Turns Android Apps Into Spyware

There is no operating system, which can be malware-proof. Malware developers always seek opportunities to spy, tamper or steal your important data. However, with the introduction to concept of Android devices such as smartphones, tablets, and even smart TVs, malware developers have been blessed with new opportunities to infect as many devices as they want. Devices even include location-tracking hardware, cameras and microphones. They can use a good number of devices to convert them into powerful spy tools(malware).

Android application into perfect spyware tools.
                                                         Image source: – extremetech


According to researchers from Bitdefender, a new Android spyware has been detected, which is named as Triout. The malware functions as a framework that imparts extensive surveillance abilities to apps that may look benign. This framework is founded bundled with repackages applications. Some of abilities it builds inside the app are making the app highly undetectable, ability to record phone calls, recording incoming text messages, taking pictures and recording videos without consent, gathering GPS coordinates and further broadcasting them to a command and control server, which is controlled by cyber criminals.

Triout was identified firstly on May 15 by Bitdefender security experts. The sample was uploaded to the server of VirusTotal from Russia. However, majority of the scan alerts were received from Israel.

Msut Read : Beware Of Android Phones With Pre- Installed Malware In The Market

In the latest whitepaper produced by Bitdefender, it is stated that the malware was inserted into a malicious application that was then present in Google Play Store. Triout is super-stealthy as it acts, looks and functions exactly like an original application. The malware was once found inside a popular adult app to victimize Android users. The malicious software contained the Triout malware that could capture data and transmit it to C&C server controlled by the attacker.

A Malware Framework
                                                                Image source: – thehackernews


Further in the whitepaper by Bitdefender, they state that Triout malware framework enables apps to perform several spying operations such as follows: –

  • Recording phone calls, saving them and transmitting it to C7C server
  • Recording incoming messages and sending it to the attacker’s server
  • Sending call logs, which includes details like type of call, duration, contact name and date to attacker-controlled server
  • Capturing videos and images and further sending them to attacker-controlled server
  • And last but most importantly, Triout gives app the ability to remain undetected inside the device

But in spite of owning dangerous abilities, researchers were surprised to know that Triout did not use any obfuscation. This actually helped Bitdefender security experts to get into its program code by unpacking APK file, which suggested that Triout is a work-in-progress.

However, it is still not explained by the researchers how this harmful repackaged version of the benign application was circulated out in the open. It could be a possibility that the victims would have downloaded and installed the software from third-party application stores or from websites that attackers have access to. But researchers have found out that the sample owned a Google Debug Certificate.

Also Read : Do You Need an Offline Malware Scanner?

At present, there is seldom any evidence that could reveal the masterminds behind this attack. Researchers aren’t even able to find out the accurate location of attackers. Thus, we can only conclude that attackers are skilled, full of resources and in future can create more lethal spyware frameworks. The only best way to safeguard your devices and hence your data from such attacks by malware is to download applications from Google Play. Also, rely only on verified developers and their websites. Thus, we will be able to narrow down attacker’s broad range of opportunities.

Last but most importantly, we should not blindly give permissions to each and every app we download and install. We must learn to read messages that ask for permission, rationalize why the app seeks the permissions and then decide whether to grant them or not. Always think twice before providing permissions to access GPS, access call logs, read messages and access any data on phone.

Quick Reaction:

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe & be the first to know!

Signup for your newsletter and never miss out on any tech update.