Spyware apps have been discovered on budget Android smartphones, preloaded before reaching customers. These apps impersonate popular messengers like WhatsApp and Telegram.
Researchers found that these malicious apps specifically target cryptocurrency users. The spyware can swap wallet addresses in messages, rerouting funds to cybercriminals.
This campaign, active since June 2024, focuses on low-end Chinese smartphones. These phones often mimic big-name models with names like S23 Ultra or P70 Ultra. Most affected devices come from lesser-known brands, including SHOWJI.
Fake Apps, Real Threats
The spyware apps belong to a malware family known as Shibai. They were built with a tool called LSPatch, which lets attackers inject harmful code into otherwise legitimate apps.
Therefore, users may think they are using legitimate messaging services. However, these apps steal personal data and tamper with cryptocurrency transactions.
For example, the malware replaces wallet addresses in both sent and received messages. Victims often remain unaware, as the app still displays the correct address to them.
Device Info and Images Also at Risk
These fake apps do more than swap wallet addresses. They harvest device details, full message histories, and even images stored in common folders.
The malware scans these images for recovery phrases linked to crypto wallets. If found, this lets attackers fully access and drain victims’ digital assets.
Researchers have linked the operation to over 30 malicious domains and 60 command-and-control servers. So far, the hackers have stolen more than $1.6 million.
Other Threats Are Also Emerging
Another threat, known as Gorilla, is also targeting Android users. This malware collects device details, intercepts SMS messages, and maintains long-term access.
Written in Kotlin, Gorilla is still under development. However, it already communicates with a central server and avoids detection by skipping obfuscation methods.
Meanwhile, trojans like FakeApp have also appeared on the Google Play Store. These apps act like popular games or utilities. Once installed, they can load phishing websites or serve fake login windows.
How to Protect Yourself
To avoid spyware apps and protect your data, follow these steps:
- Only buy phones from verified, reputable sources.
- Avoid unknown or off-brand Android devices, especially ultra-cheap ones.
- Check app permissions carefully. If an app asks for too much access, uninstall it.
- Never download APK files from unknown websites.
- Use trusted security software to scan for threats.
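As an added example (not from the researchers' report), this check looks for the preloaded messengers described above by parsing the output of `adb shell pm list packages -f -i` and flagging WhatsApp or Telegram packages that sit in a system partition or were not installed by Google Play. The sample listing is constructed, and a hit means the app's signature should be verified, not that the app is malicious.

```python
import re

# Package names of the two messengers the article says are impersonated.
MESSENGERS = {"com.whatsapp", "org.telegram.messenger"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
# Partitions that hold apps shipped with the firmware image.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/")

# One line of `pm list packages -f -i`:
#   package:<apk path>=<package name>  installer=<installer package or null>
LINE_RE = re.compile(
    r"^package:(?P<path>.+)=(?P<pkg>[\w.]+)\s+installer=(?P<inst>\S+)$"
)

def parse(listing):
    """Yield (package, apk_path, installer) for each well-formed line."""
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["pkg"], m["path"], m["inst"]

def suspicious_messengers(listing):
    """Return [(package, [reasons])] for messengers that need a closer look."""
    findings = []
    for pkg, path, inst in parse(listing):
        if pkg not in MESSENGERS:
            continue
        reasons = []
        if path.startswith(SYSTEM_PREFIXES):
            reasons.append("preloaded in system image")
        if inst not in TRUSTED_INSTALLERS:
            reasons.append(f"installer is {inst}")
        if reasons:
            findings.append((pkg, reasons))
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:/system/app/WhatsApp/WhatsApp.apk=com.whatsapp  installer=null
package:/data/app/~~a1b2==/org.telegram.messenger-c3d4==/base.apk=org.telegram.messenger  installer=com.android.vending
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
"""

if __name__ == "__main__":
    for pkg, reasons in suspicious_messengers(SAMPLE):
        print(f"{pkg}: {'; '.join(reasons)}")
```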
Supply chain attacks are growing. However, informed choices and safe habits can stop spyware before it takes hold.