A dangerous new malware is making its way across the Android community this summer. It’s called SpyDealer, and it’s capable of rooting one in four Android devices.
The malware comes in the form of a trojan. Researchers have traced the trojan’s activity all the way back to October 2015 – although its activity has only recently been discovered.
That potentially means that SpyDealer has secretly rooted thousands of Android devices over the years – which is a frightening thing to consider. A hacker with root access to your phone could control virtually every aspect of your Android – including silently activating your microphone or camera to record you, for example.
The trojan was spotted by security experts at Palo Alto Networks in July. Three versions are still deployed in the wild today – although researchers warned that the malware is still under development, and more malicious features could be deployed in the future.
One of the Worst Android Malware Weapons We’ve Ever Seen
The malware is filled with intrusive features that target nearly every corner of your smartphone, including:
- The ability to steal data from apps installed on your phone, including Facebook, Facebook Messenger, WeChat, WhatsApp, Skype, Viber, and other popular communication platforms
- The ability to monitor browser activity through the Android native browser, Firefox browser, and even lesser known options like the Oupeng Browser
- The ability to control a target’s phone via UDP, TCP, and SMS channels
- The ability to silently take screenshots of the user’s phone screen
- The ability to secretly activate the microphone or front and rear-facing cameras to record the user
The malware does all of this in addition to collecting smartphone details like incoming phone calls, geo-location data, SMS history, contact information, and more. Essentially, it’s capable of tracking everything you do on your phone.
Why Does It Root?
Obviously, many of the privileges listed above require higher level access than an ordinary app can receive. That’s why SpyDealer attempts to root your Android device using a tool called Baidu Easy Root.
SpyDealer can successfully root about 1 in 4 Android devices using this method. After it grants itself root access, it can monitor virtually everything on your Android.
So far, most of the affected users are located in China, and the trojan seems to be particularly targeted towards Chinese users. The app has been spotted packaged inside apps with innocent names like “GoogleUpdate” or “GoogleService”.
Typically, we think of rooting Androids as being good for your phone. But as the SpyDealer malware demonstrates, malicious rooting can have devastating effects.