Exaspy was recently uncovered by the research team at Skycure. The malicious program is a mobile spyware package targeting Android users. Exaspy has been developed to conduct large-scale attacks, stealing data from corporate executives.
The virus has been categorized as a spyware package because it has a set of functions for extracting information. Exaspy can access all kinds of messages, ranging from the native email client, Gmail, Google Hangouts, Facebook Messenger and Skype to SMS, MMS, Viber, WhatsApp and others. To sum things up, the spyware kit can record information from email platforms, chat logs, universal and mobile applications.
Internet and online-based accounts are the first branch the infection targets. Exaspy can penetrate the operating system in depth and record input from the web browser and the memory card. The spyware collects the browsing history and call logs. It accesses contact lists, calendars and other stored entries.
Exaspy has the ability to record phone calls and the background sounds heard during conversations. The spyware can capture screenshots of your device. This can give it access to personal details from your private accounts. The files you store on the memory card, such as photographs, audio and video, will also be recorded.
The information Exaspy collects on users can be enough to break into their personal online accounts. The owners of the spyware have the choice between hacking user accounts themselves or trading the gathered data on the darknet.
Exaspy also has an advanced function that extends its capabilities: the spyware can execute shell commands and spawn reverse shells. This enables the infection to use exploits which are not included in its basic package. The elevated privileges deepen its access to the device.
Attacking company accounts extends to a larger scale than targeting natural persons. The owners of Exaspy can get access to confidential information about the enterprise and its clientele. For instance, the spyware can collect financial records, product details, intellectual data, plans and the audio from internal meetings.
The malware may obtain the credentials for accessing customer accounts. With the security risk concerning the company’s responsibilities, it would be easier to swindle the victims. The cyber criminals behind Exaspy can ask for a ransom by threatening to publish private customer data.
Exaspy disguises itself as a legitimate program
Research has revealed that Exaspy uses a deceptive tactic to penetrate Android devices. The spyware poses as the Google Play Services app, hiding behind a slightly different name: Google Services. You may not notice the difference. In order to infect a targeted device, the spyware needs to get the user to download and install it. Exaspy uses phishing to gain entry: the virus hides inside spam emails.
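A defender-side check for the masquerade described above, added here as an example (not code from Skycure or from the original article): it scans an app inventory for entries whose display label resembles Google Play Services but whose package is not `com.google.android.gms`. The inventory format, the sample entries and the 0.85 threshold are assumptions constructed for illustration.

```python
import difflib

# Package name of the genuine Google Play Services app.
GENUINE_PACKAGE = "com.google.android.gms"
# Package name of the Play Store, used to tell store installs from sideloads.
PLAY_STORE = "com.android.vending"
# Labels to watch: the real name and the lookalike named in the article.
WATCHED_LABELS = ["Google Play Services", "Google Services"]


def normalize(label):
    """Lower-case and collapse whitespace so cosmetic variants compare equal."""
    return " ".join(label.lower().split())


def label_score(label):
    """Highest similarity (0..1) between a label and any watched label."""
    n = normalize(label)
    return max(difflib.SequenceMatcher(None, n, normalize(w)).ratio()
               for w in WATCHED_LABELS)


def find_impostors(inventory, threshold=0.85):
    """Flag apps that look like Google Play Services but are another package.

    A matching package name is only a first filter; verifying the signing
    certificate is the stronger check and is out of scope for this sketch.
    """
    hits = []
    for app in inventory:
        score = label_score(app["label"])
        if score >= threshold and app["package"] != GENUINE_PACKAGE:
            hits.append({**app,
                         "score": round(score, 2),
                         "sideloaded": app.get("installer") != PLAY_STORE})
    return hits


# Constructed sample inventory (assumed shape of an MDM or device export).
SAMPLE_INVENTORY = [
    {"label": "Google Play Services", "package": GENUINE_PACKAGE, "installer": PLAY_STORE},
    {"label": "Google Services", "package": "com.example.lookalike", "installer": None},
    {"label": "Google  Service", "package": "com.example.variant", "installer": None},
    {"label": "Google Maps", "package": "com.google.android.apps.maps", "installer": PLAY_STORE},
]

if __name__ == "__main__":
    for hit in find_impostors(SAMPLE_INVENTORY):
        print(hit)
```

Flagged entries that were also sideloaded match the delivery path the article describes, where the user is persuaded to download and install the app from an email.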
On a concerning note, Skycure have discovered that the creators of Exaspy provide services through the spyware. Elisha Eshed of Skycure Research Labs discussed the situation around Exaspy, saying: “We are entering a new era of mobile threats as Android spyware evolves to become a commodity product.”
In a blog post, she talked about the concept of Exaspy as a form of malware service: “What that means is that you no longer need deep technical expertise to hack into someone’s mobile device. The spyware attackers need is now available online for easy purchase and use, similar to the tools available for running DDoS attacks against websites. This is a significant step in the evolution of mobile malware, and one which will make proactive mobile threat defense for IT that much more crucial.”