With the eXotic Visit campaign, launched at the end of 2021, hackers have spread the very dangerous XploitSPY spyware capable of spying on almost everything on an Android phone
From Eset researchers comes a new alarm for owners of smartphones with an operating system Android: since 2021 a real campaign has been underway to spread a dangerous spywarecalled XploitSPYthrough publication on Google Play Storeon websites and on GitHub of many infected apps.
For the most part these are apps from chat and communicationor utilities that have to do with the telephone part of the smartphone, which have been distributed particularly in Asia (India and Pakistan above all), but their publication on the Play Store does not allow us to exclude that some Europeans have also been able to use them install, Italians included.
XploitSPY: Infected apps discovered
The espionage campaign discovered by Eset was called “eXotic Visit” and the first apps infected with the XploitSPY malware were even published in November 2021. From then to now they have been published about twenty appssome of which were updated versions of a previously released app (Dink Messenger, for example, has been re-released at least three times under the same name).
Some of these apps are blatant imitations of popular chat apps, such as Signal And WeChatothers are apps that promise additional functions such as the possibility of receiving information on the owner of a telephone number with which you chat. The (partial) list of apps discovered by Eset is this:
- Sim Info
- Signal Lite
- Telco DB
- Tele Chat
- Track Budget
- SnapMe
- TalkU
- Zaangi Chat
- Defcom
- Wicker Messenger
- Specialist Hospital
- Expense Tracker
- ChitChat
- WeTalk
- Dink Messenger
- Alpha Chat
Because these apps are dangerous
All these apps were published with, within them, the code of a more or less updated version of XploitSPY malware. It is a powerful spyware, capable of both spy on your phone thoroughly than to partially take control of it to send messages to other users, in order to spread quickly. Here is the list of XploitSPY capabilities:
- Read files on your phone
- Send SMS
- Read the list of calls, contacts, messages and installed apps
- Know available WiFi networks, phone location, user accounts
- Take photos with your phone
- Record audio from microphone
- Intercept notifications from WhatsApp, Signal and other chat apps
It is clear that, with these characteristics, XploitSPY can know almost everything of the owner of the infected phone, which is why it is considered one of the most dangerous viruses that are circulating in this period.
How to defend yourself from XploitSPY
Apps infected with XploitSPY were mainly downloaded from Google Play Store which, once again, he failed to block dangerous software. According to Eset, they were mainly downloaded by Indian and Pakistani users.
When an app is reported and recognized as infected, Google removes it from the Play Store and activates the mechanism Google Play Protect, which basically automatically deletes the app from all phones on which it was downloaded. In most cases, therefore, even those who have suffered the infection should now have a clean phone (but in any case they have been spied on for months).
However, the apps were not always downloaded from the Play Store: they were also available on GitHub and on several owl sites, which do not have any mechanism similar to that of Google. In all these cases, therefore, even if the infected app is discovered and reported, it remains there until the user removes it. delete manually.
