Security researchers at Check Point recently discovered a new strain of Android malware. ‘Rogue’ is a combination of two older malware samples and gives attackers access to almost everything a user does on an Android device.
According to the researchers, Rogue is capable of device takeover and exfiltration of data, such as photos, location, contacts, and messages.
Powerful malware with keylogging capabilities
Rogue also infects victims with a keylogger, allowing attackers to easily log and monitor the use of sensitive apps to steal usernames and passwords.
Aggressive Rogue marketing on the dark web
The low cost and the aggressive marketing of the Rogue malware also reflect the sophisticated criminal ecosystem in the dark corners of the internet.
With an initial price tag of 29,99 USD per month, Rogue makes it possible for wannabe-hackers with limited technical skills to acquire the tools to stage attacks on your apps.
Android Accessibility abuse
Check Point explains that “like many other malicious applications, Rogue can adapt the Android ‘AccessibilityService’ to suit its own needs.”
The Android Accessibility Service is a key part of helping the elderly and disabled use their smartphones. However, it also opens the door to malware developers.
List of malicious apps
If you have downloaded any of these apps, delete them immediately!
Shortcut name (visible in menu), [Application name (visible in app properties)]
AppleProtect, [se.spitfire.appleprotect.it]
Axgle, [com.absolutelycold.axgle]
Buzz, [org.thoughtcrime.securesms]
Google Play Service, [com.demo.testinh]
Idea Security, [com.demo.testing]
SecurIt, [se.joscarsson.privify.spitfire]
SecurIt, [sc.phoenix.securit]
Service, [com.demo.testing]
Settings, [com.demo.testing]
Settings, [com.hawkshawspy]
Settings, [com.services.deamon]
wallpaper girls, [com.demo.testing]
Wifi Pasword Cracker, [com.services.deamon]
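
Added example (not from Check Point or the original article): a small audit that cross-references the package names listed above with a device's installed packages and its enabled accessibility services. It assumes you saved the output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services`; the sample device output and the function names are constructed for illustration.

```python
# Package names and shortcut names copied from the list on this page.
LISTED = {
    "se.spitfire.appleprotect.it": ["AppleProtect"],
    "com.absolutelycold.axgle": ["Axgle"],
    "org.thoughtcrime.securesms": ["Buzz"],
    "com.demo.testinh": ["Google Play Service"],
    "com.demo.testing": ["Idea Security", "Service", "Settings", "wallpaper girls"],
    "se.joscarsson.privify.spitfire": ["SecurIt"],
    "sc.phoenix.securit": ["SecurIt"],
    "com.hawkshawspy": ["Settings"],
    "com.services.deamon": ["Settings", "Wifi Pasword Cracker"],
}

def installed_packages(pm_output):
    """Parse `pm list packages` output (lines such as 'package:com.foo')."""
    lines = (line.strip() for line in pm_output.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def accessibility_packages(setting_value):
    """Parse enabled_accessibility_services: colon-separated
    'package/ServiceClass' components, or 'null' when nothing is enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, setting_value):
    """Return (package, listed shortcut names, accessibility_enabled) tuples,
    with hits that hold an enabled accessibility service sorted first."""
    a11y = accessibility_packages(setting_value)
    hits = [(p, LISTED[p], p in a11y)
            for p in installed_packages(pm_output) if p in LISTED]
    return sorted(hits, key=lambda h: (not h[2], h[0]))

# Constructed sample device output (not taken from a real device).
SAMPLE_PM = """package:com.example.notes
package:com.hawkshawspy
package:com.demo.testing
"""
SAMPLE_A11Y = ("com.example.reader/.ScreenReaderService:"
               "com.demo.testing/com.demo.testing.AccService\n")

if __name__ == "__main__":
    for pkg, names, enabled in audit(SAMPLE_PM, SAMPLE_A11Y):
        flag = "ACCESSIBILITY ENABLED" if enabled else "installed"
        print(f"{pkg}: {flag}; listed shortcut name(s): {', '.join(names)}")
```

A package-name match is a lead to verify rather than proof: compare the shortcut name shown on the device with the listed one, since org.thoughtcrime.securesms is also the package name of the Signal app.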