Italian Spyware Malware Found on Google Play Store

Severity: High (Score: 72.0)

Sources: www.vice.com

Summary

A surveillance company developed Android malware that was available on the Google Play Store for nearly two years, affecting hundreds of users. The malware, sold to the Italian government, was disguised as harmless apps to trick users into installation. Researchers from Security Without Borders and Motherboard identified over 20 malicious apps that evaded Google's security filters. The spyware was poorly targeted, potentially ensnaring innocent victims. Italian prosecutors have launched an investigation, seizing the company's computers and shutting down the malware's infrastructure. Google confirmed the removal of 25 different versions of the spyware after being alerted by researchers. The incident raises concerns about the effectiveness of Google Play's malware detection mechanisms.

Key Points

  • Over 20 malicious Android apps were available on the Google Play Store for nearly two years.
  • The spyware was developed by an Italian company and sold to the government for surveillance purposes.
  • Italian prosecutors have initiated an investigation and seized the company's infrastructure.

Key Entities

  • Malware (attack_type)
  • China (country)
  • Italy (country)
  • Singapore (country)
  • jabber.ccc.de (domain)
  • motherboard.tv (domain)
  • vice.com (domain)
  • Government (industry)
  • AndroRAT (malware)
  • Dark Eagle (malware)
  • Exodus (malware)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1105 - Ingress Tool Transfer (mitre_attack)
  • Android (platform)
  • Google Play Store (platform)