Triout malware is used for extensive targeted Android surveillance

A mobile spyware for Android with extensive, advanced surveillance capabilities was disclosed today. It logs every call, text, photo, video and more, and sends the data to the attackers.

The malware, dubbed Triout, helps hackers tap into the proliferating footprint of Android-based smartphones. These devices offer up a rich attack surface, filled with microphones, cameras, and location-tracking capabilities.

The spyware’s surveillance features vacuum up large amounts of user activity data and upload all of it to the hackers’ command-and-control (C&C) server.
The C&C server is operational, and the campaign is ongoing.
Interestingly, Triout was first submitted from Russia, but most scans/reports came from Israel.

If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Because WhatsApp is very popular among consumers, businesses, and government agencies, hackers will always keep looking for opportunities to run potential scams.
WhatsApp has become one of the main communication channels and is used for sensitive conversations ranging from confidential corporate and government information to criminal incrimination.

The malware was first observed in an app that looks identical to a legitimate Android app called “Sex Game”, which was available in the Google Play store starting in 2016 but has since been removed.
The malicious application is almost identical to the original app, both in code and functionality, except for the malicious payload.
Since the discovery, researchers have been unable to isolate similar files, so it is difficult to estimate the spread of the malware. However, the command-and-control (C&C) infrastructure that collects the information exfiltrated by the malware is operational and was updated in May.

This suggests that the new framework may be a work in progress or in a testing stage.
The Triout trojan is extremely powerful: it can record and upload phone calls, use cameras and make its way into the Play Store. Its code was left completely unobfuscated, probably because it is an alpha build of a bigger, more potent espionage tool.

We will continue to monitor this cyber threat. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.