New Android spyware can steal WhatsApp data, contacts, browser history, photos and more

• The new spyware is believed to be still in development and was found as part of open source project online.
• The spyware’s code is publicly available and comes packed with numerous surveillance features.

A new Android spyware that is believed to be in still in development has recently been discovered. The malware comes packed with numerous surveillance features and its code is currently publicly available.

The malware was first detected by ESET researchers Lukas Stefanko, who took to Twitter to share its impressive list of features. The yet-to-be-named spyware is capable of stealing WhatsApp data, contacts, browser history and photos, among other things.

The malware is also capable of activating an infected device’s camera to take photos, record calls and take screenshots. According to experts at G DATA Security Labs, who analyzed the spyware, the malware’s code, titled “OwnMe” was left publicly available on GitHub.

“First it displays a toast, which is a pop-up like message, to the user with the text ‘Service started’. This makes me thinking that the malware is still under development since criminals normally want their actions to be as silent as possible in order to not raise any suspicion by the user,” G DATA Security Labs said in a report.

In this case, a “Service” is an application component that either represents an app’s motivation to perform a long-term operation with little-to-none user interaction or to supply functionality that other applications can use.

In the case of the new Android spyware, if it has internet access, a connection to a server is established, which in turn, allows the malware to begin conducting operations.

However, several of the spyware’s features, such as the screenshot feature, appears to be incomplete - yet more evidence that suggests that the malware is still being developed by the malware author(s).

The emergence of this new spyware is indicative of how cybecriminals are attempting to expand the scope and reach of their attacks. Last month, Bitdefender researchers discovered a new strain of Android spyware dubbed Triout that is capable of tracking an infected device’s location, record calls, track text messages and more.

Although traditionally, spyware used to be more common in espionage campaigns, their emergence in the mobile malware arena hints at how cybercriminals are repurposing malware to include a wide variety of features - all aimed at increasing their profits.

According to App47, mobile malware variants have seen a dramatic rise recently, with a 54 percent spike since 2016, ZDNet reported.