Android phone and tablet owners have been put on red alert about a dangerous new malware strain hiding in bogus YouTube and WhatsApp apps. The alert was issued by Meta, the owner of Facebook, Messenger, Instagram and WhatsApp, which revealed in a recent report that the new Dracarys malware is being injected into fake versions of popular apps. This malware strain is capable of stealing call logs, contact information, files, SMS texts, geolocation and device details from an Android device, as well as secretly taking photos, enabling the phone or tablet’s microphone and installing apps without a user’s approval.
In its latest adversarial threat report, Meta said Dracarys, which is named after a Game of Thrones battle cry for dragons, was being spread by the Bitter APT hacking group, which has been carrying out attacks in the UK, New Zealand, India and Pakistan.
The Android malware has been found in fake versions of YouTube, Signal, Telegram and WhatsApp.
The new Android malware gains access to a whole range of insidious features by abusing a device’s accessibility services, which in turn gives it increased permissions.
The Meta report said: “We found Bitter using a new custom Android malware family we named Dracarys. Notably, it used accessibility services, a feature in the Android operating system to assist users with disabilities, to automatically click through and grant the app certain permissions without the user having to do it.
“Bitter injected Dracarys into trojanised (non-official) versions of YouTube, Signal, Telegram, WhatsApp, and custom chat applications capable of accessing call logs, contacts, files, text messages, geolocation, device information, taking photos, enabling microphone, and installing apps.
“While the malware functionality is fairly standard, as of this writing, malware and its supporting infrastructure has not been detected by existing public anti-virus systems. It shows that Bitter has managed to reimplement common malicious functionality in a way that went undetected by the security community for some time.”
Meta’s warning that this new Android malware can sneak past anti-virus detection is worrying, especially for those who have already downloaded affected apps.
The malware is still in its early days, so hopefully antivirus apps will be able to detect it in future.
But in the meantime, it’s especially important to make sure you only download official apps from the Google Play Store.
Don’t download unofficial apps for services like WhatsApp and YouTube, and avoid apps for these programmes from third-party APK websites.
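The two points above (accessibility services being abused, and apps coming from outside the Play Store) can be checked together on a device connected over adb. The following is an added example, not taken from Meta's report: it parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and lists third-party apps that hold an accessibility service but were not installed by Google Play. The package names and sample output are constructed, and treating only `com.android.vending` as a trusted installer is an assumption to adjust for your device.

```python
import re

# Assumption: Google Play is the only trusted installer on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` (third-party apps only)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Package names from the colon-separated `pkg/ServiceClass` setting value."""
    value = setting_value.strip()
    if value in ("", "null"):  # the setting reads "null" when nothing is enabled
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def audit(pm_output, setting_value):
    """Return (package, installer) for sideloaded apps with an enabled accessibility service."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(parse_accessibility(setting_value)):
        # Packages absent from the -3 listing are preinstalled system apps; skip them.
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg]))
    return findings

# Constructed sample output (hypothetical package names).
SAMPLE_PM = """\
package:com.example.chatlite  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.notes  installer=null
"""
SAMPLE_A11Y = ("com.example.chatlite/com.example.chatlite.HelperService:"
               "com.example.reader/.ReadAloudService:"
               "com.example.systemassist/.AssistService")

if __name__ == "__main__":
    for pkg, installer in audit(SAMPLE_PM, SAMPLE_A11Y):
        print(f"REVIEW: {pkg} has an accessibility service, installer={installer}")
```

A finding is a prompt to review the app in Settings, not proof of infection: legitimately sideloaded accessibility tools will also appear.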