Government spyware found on Google Play Store

Researchers have discovered a new type of government malware that was openly available to everyone in Google Play Store, the official Android app store. Experts believe the program was used to wiretap users.

The malware was hiding in several applications hosted on the Google Play Store. In the months that the program went unnoticed, hundreds of users infected their devices.

As Motherboard found out, this Android malware was sold to the Italian authorities by a company that develops surveillance cameras. Experts say the program could hit completely innocent people because its authors did not work out how to target it correctly.

Experts also tend to believe that this spyware is illegal. Most of them point out once again that all of the Google Play Store's protective measures can, at this stage, be circumvented.

To mislead users, the malicious program poses as a completely safe application. For example, some versions were disguised as special offers from Italian telecom operators.

Experts named this program Exodus. Once installed, Exodus checks the device's phone number and IMEI. The malware then downloads a ZIP file containing a program that cracks the phone and steals user data.

Exodus targets audio recordings of the device's surroundings, recorded calls, browser history, calendar information, geolocation, Facebook Messenger logs, WhatsApp chats, and SMS messages.

[Image: A sample of eSurv's command and control servers for Exodus. Credit: Security Without Borders]

At the time of publication, the Italian State Police had not responded to multiple requests for comment on the technology subject to their tender, nor had they replied to questions on the use of this spyware. Questions to two Italian Public Prosecutor’s Offices went unanswered as well.

The police agent agreed that eSurv’s spyware lacked the right scope and safeguards to ensure it wouldn’t hit people who were not under investigation.



About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
