Friday, December 22, 2017

New “GnatSpy” Mobile Malware Steals Data Such as Images, Text Messages, Contacts, and Call History


A newly emerging mobile malware, GnatSpy, is capable of abusing infected mobile devices and stealing various types of data such as images, text messages, contacts, and call history.
GnatSpy is a new variant of VAMP, a dangerous Google Android malware family that mainly targets mobile devices to steal sensitive data.
Many of the old VAMP command and control servers have been reused by GnatSpy, which indicates that the attackers behind the two are connected.
This malware family is detected as ANDROIDOS_GNATSPY. Its distribution has not been clearly identified, though researchers believe that threat actors sent the files directly to users to download and install on their devices.
GnatSpy poses as “Android Setting” or “Facebook Update” to make users believe the apps are legitimate.

VAMP is an earlier version of GnatSpy. GnatSpy alters VAMP's behavior and adds some sophisticated features, and it has since been spreading to specific targeted groups or individuals.

GnatSpy Mobile Malware: Improved Capabilities and Working Function

Some of the features are very similar to those of the VAMP variant, but it has newly evolved with some sophisticated behavior.
GnatSpy’s app structure has been completely improved: the malware author has added more receivers and services, and researchers believe that the author has sound knowledge of software design practices.


  
Old and new receivers and services
To evade detection, this malware uses Java annotations and reflection methods.
Earlier versions of VAMP contained the C&C server in simple plain text, making detection by static analysis tools easier, but the new variant hardcodes it in the malicious app’s code.

Hardcoded C&C Server
Here, the hardcoded URL in the malware is not the final C&C server; instead, it sends back the location of the actual C&C server.

Request and response pair for C&C server
In this case, many of the servers used by GnatSpy are newly registered, and the registrant names appear to have been taken directly from various television shows.
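A hunting heuristic for the two-stage lookup described above, as an added example that is not from the original post or from Trend Micro: it flags a device that receives a hostname in one server's response and then contacts that previously unseen host shortly afterwards. The log layout, the hostnames, the 30-second window and `find_staged_lookups` are assumptions made for illustration, and response bodies are assumed to be visible to the proxy.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy records: (time, device, host contacted, response body excerpt).
SAMPLE_LOG = [
    ("2017-12-18T09:00:01", "phone-17", "stage1.example", '{"url":"https://real-c2.example/api"}'),
    ("2017-12-18T09:00:04", "phone-17", "real-c2.example", '{"status":"ok"}'),
    ("2017-12-18T09:01:00", "phone-22", "cdn.example", '<a href="https://docs.example/">docs</a>'),
    ("2017-12-18T09:30:00", "phone-22", "docs.example", "<html>"),        # too late to correlate
    ("2017-12-18T09:05:00", "phone-30", "news.example", "see https://known.example/x"),
    ("2017-12-18T09:05:02", "phone-30", "known.example", "ok"),           # already-known host
]
# Constructed baseline of hosts the fleet has contacted before.
KNOWN_HOSTS = {"known.example", "cdn.example", "news.example"}

HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

def find_staged_lookups(records, known_hosts, window=timedelta(seconds=30)):
    """Return (device, first_host, second_host) tuples where a response from
    first_host named second_host, the same device contacted second_host within
    `window`, and second_host is not in the known-host baseline."""
    pending = {}  # (device, advertised host) -> (time advertised, advertising host)
    hits = []
    for ts, device, host, body in sorted(records):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        host = host.lower()
        seen = pending.pop((device, host), None)
        if seen and now - seen[0] <= window and host not in known_hosts:
            hits.append((device, seen[1], host))
        # Remember every other hostname this response handed to the device.
        for named in HOST_RE.findall(body):
            named = named.lower().rstrip(".")
            if named != host:
                pending[(device, named)] = (now, host)
    return hits

if __name__ == "__main__":
    for device, first, second in find_staged_lookups(SAMPLE_LOG, KNOWN_HOSTS):
        print(f"{device}: {first} handed out {second}, contacted within window")
```

A hit is a lead for review rather than a verdict, since ordinary redirects and API discovery produce the same pattern; the known-host baseline and the short window are what keep the noise down.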

An earlier version of this malware used the System Manager on Huawei devices to grant permissions to itself, and it similarly obtained permissions on Xiaomi devices.
The new version has spread with highly sophisticated techniques, and it includes several function calls targeting newer Android versions (Marshmallow and Nougat).

Code for Marshmallow and Nougat Android versions
“More information about the device is stolen as well, including information about the battery, memory and storage usage, and SIM card status. Curiously, while previous samples collected information about the user’s location via OpenCellID, this is no longer done by GnatSpy.” Trend Micro said.
