MADRID, Aug 10 (Portaltic/EP) –
The cyber intelligence company Cyble has discovered new details about “Dracarys”, a kind of spyware that affects Android devices and poses as legitimate applications to infect its victims' “smartphones”.
Meta, the parent company of Facebook, first discovered this “malware” a few months ago, when it named it and mentioned it in its threat report for the second quarter of this year.
The tech company then linked its use to the group of cyber criminals known as Bitter APT, which operates in Southeast Asia and focuses its attacks on countries such as New Zealand, India, Pakistan and the United Kingdom.
The company explained in its report that Bitter has embedded this “spyware” in unofficial and illegal versions of applications such as YouTube, Signal, Telegram or WhatsApp, among other custom chat platforms.
As Meta noted in its report, once installed, this “malware” is able to access the call log, contact list, files, text messages, geolocation and device information, as well as change Android accessibility permissions, enable the microphone, install other “apps” or take photos with the camera.
Now Cyble has released a technical report focusing on how “Dracarys” uses one of the affected applications, in this case Signal, to carry out its attacks, stealing information and sending it to an external Firebase server.
First of all, the cyber criminal group Bitter, also known as T-APT-17, has a web portal that uses the domain “signalpremium.com” and poses as the platform's official download page.
Furthermore, it exploits the fact that Signal is open-source “software” to recreate a fully functional version of the program, with all its known functions and features, that passes as legitimate and includes the “Dracarys” code within it.
During installation, the trojanized Signal app asks the user for access to services such as the contact list, SMS, camera, microphone, device storage and location, and for the ability to make calls.
In addition, the spyware abuses accessibility services to grant itself additional permissions, so it continues to work in the background even after the user has closed the application.
HOW TO PREVENT ONE OF THESE INFECTIONS
The cybersecurity company has provided users with a series of recommendations to avoid becoming a victim of this “malware”, chief among them installing applications only from official stores such as the Play Store or the App Store.
In addition, the company also considers it advisable to use “reputable” antivirus software on all connected devices, such as desktops, tablets, laptops and mobile phones.
It is also advisable to use strong passwords and enable multi-factor authentication “if possible”, as well as biometric security features such as fingerprint identification or face recognition.
On the other hand, links in suspicious emails or automated SMS messages should be avoided, and caution is advised when granting certain permissions to an “app”.
Finally, the cybersecurity firm recommends keeping all devices updated and, in the case of Android, making sure the Google Play Protect tool is active.