New Chinese Android Malware can steal all your chats on WhatsApp, FB Messenger and 12 other IMs

Security researchers have discovered a new strain of Chinese Android Trojan that is customised simply to steal your chats, shared videos, pictures and audio files.

One Chinese app, Cloud Module (in Chinese), was found to be infected with this malware, which carries the package name com.android.boxa.

How is this malware different from others? Instead of a full-blown remote administration Trojan, this one is fairly simple: it aims only at stealing data from Instant Messaging (IM) apps, while making sure that it stays persistent and well protected from malware detection and prevention systems.

Once installed, it infects internal Android configuration files so that it launches every time the device starts. This ensures the attacker is always listening in on your private communication.

Moreover, the malware carries advanced anti-malware evasion techniques, including the ability to detect whether it is running in an emulated or virtual environment, the kind of isolated setup malware analysts generally use to observe how a sample behaves.

It was also observed that the malware's code is completely obfuscated, making it extremely difficult for analysts and anti-malware tools to understand how the chat-stealing Trojan works.
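The one concrete indicator the report gives is the package name com.android.boxa, which squats on the com.android.* namespace that AOSP system apps use. The script below is an added triage example, not code from the report or from any security vendor: it parses the output of `adb shell pm list packages -f` (format `package:<apk path>=<package name>`), flags the known package name, and also flags any com.android.* package installed outside the system partitions. The sample listing and the second suspicious name (com.android.fakesync) are constructed for the demonstration.

```python
"""Triage an Android package listing for system-namespace squatting.

Input: output of `adb shell pm list packages -f`, one line per package in
the form `package:<apk path>=<package name>`.
"""
import re
from dataclasses import dataclass

# Indicator taken from the report: the malicious package name.
KNOWN_BAD = {"com.android.boxa"}

# Partitions where vendor-shipped apps legitimately live. A package that
# claims the com.android.* namespace but is installed under /data/app was
# installed by the user or a store, so it deserves a closer look.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/", "/apex/")

LINE_RE = re.compile(r"^package:(?P<path>\S+?)=(?P<name>[\w.]+)$")

# Constructed sample listing (not captured from a real device).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.android.boxa-1/base.apk=com.android.boxa
package:/data/app/com.android.fakesync-2/base.apk=com.android.fakesync
package:/data/app/org.telegram.messenger-1/base.apk=org.telegram.messenger
not a package line
"""


@dataclass(frozen=True)
class Finding:
    package: str
    path: str
    reason: str


def parse_pm_line(line):
    """Return (apk_path, package_name) for one `pm list packages -f` line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("name")


def triage(pm_output):
    """Return a list of Finding objects for packages worth investigating."""
    findings = []
    for line in pm_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None:
            continue  # skip headers, blank lines and other noise
        path, name = parsed
        if name in KNOWN_BAD:
            findings.append(Finding(name, path, "matches known indicator from the report"))
            continue
        if name.startswith("com.android.") and not path.startswith(SYSTEM_PREFIXES):
            findings.append(Finding(name, path,
                                    "system-style package name installed outside system partitions"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PM_OUTPUT):
        print(f"{f.package}  ({f.path}): {f.reason}")
```

On a real device, pipe `adb shell pm list packages -f` into `triage`. A hit on the second rule is a lead rather than a verdict: updated copies of genuine system apps also land under /data/app, so confirm with `adb shell dumpsys package <name>` (look for the SYSTEM and UPDATED_SYSTEM_APP flags and the installer) before treating a package as malicious.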

IMs targeted by the boxa Trojan
It currently targets a total of 14 IMs. They are as follows:
* Facebook Messenger
* Skype
* Telegram
* Twitter
* WeChat
* Weibo
* Viber
* Line
* Coco
* BeeTalk
* Momo
* Voxer Walkie Talkie Messenger
* Gruveo Magic Call
* TalkBox Voice Messenger

How does this malware spread?
As this is Chinese malware and China doesn't have the Google Play Store, it is speculated to be spreading through third-party Android app stores and phishing campaigns.

This means Google's internal anti-malware measures will not detect the malware, nor can Google remotely uninstall the infected apps even if it finds out about them.

How can consumers stay safe?
Users are suggested to be extremely cautious while installing applications on their devices.

Never download apps from third-party app stores, especially ones that offer extra functionality such as cracked versions of paid apps or apps with paid features unlocked, such as games and other in-app purchases.

Moreover, as this malware is quite possibly being spread via phishing campaigns, like most other malware, users should keep an eye out for fake emails, messages, pop-ups etc. that ask them to click links or download third-party apps. Never click on untrusted links and never download from untrusted sources.

Keeping these in mind, below are some common security measures that users must take for the general security of their Android device:

* Always check which permissions the app asks you to grant before installation. Be wary of permissions that don't seem legitimate: if a calculator app wants access to your call logs or messages, it is clearly asking for unnecessary permissions and may be malicious. Trust your gut!

* Don’t download apps from unknown sources, they can be infected with data-stealing malware hidden behind a genuine looking app. Stay away from pirated apps.

* Do not enter confidential details such as your bank account details on any application other than the one the data belongs to, i.e. your bank's own app.

* For added security, set your app store settings to “Do not allow third-party app downloads from untrusted sites.”

* Google recently launched "Google Play Protect". Make sure the application is verified by Google Play Protect; otherwise avoid downloading it.

* Check the reviews and ratings left by other users who have installed the application. If the ratings are unsatisfactory, it is preferable not to download the app.

* Check the number of downloads; if it is less than 50k, it may be risky to download the app.

* Check the app for spelling errors, grammatical errors or logos that appear to be poorly designed. These may point to malicious or simply ill-managed apps.

* If the developer lists an invalid email address and no official website, it is likely a fake app.

* If the application contains lots of advertising or pop-ups, it is better to uninstall it, as it may be designed for phishing purposes.

* It's always good to have a reputable antivirus/anti-malware app on your smart device, as it will keep you protected from most attacks.

Finally, THINK BEFORE YOU DOWNLOAD!
