Italian Government Spyware infiltrated Google Play

Accepted submission by RandomFactor at 2019-04-02 23:18:46 from the Il tuo nemico è quello dell'area tua dept.
Security

According to a technical report [securitywithoutborders.org] issued Friday, a new surveillance malware, aimed at Italian users and dubbed 'Exodus', has been infiltrating the Google Play store. It is also being reported [sophos.com] that the software is contracted by the Italian Government from a surveillance company called eSurv based in Catanzaro, in Calabria, Italy.

According to Google,

nearly 25 variants of this spyware were uploaded on [the] Google Play Store. Google Play has removed the apps and they stated that "thanks to enhanced detection models, Google Play Protect will now be able to better detect future variants of these applications".

Although the software has built-in checks to confirm the target is Italian, they are of limited effectiveness.

Exodus includes a function called CheckValidTarget function that supposedly exists to “validate” the target of a new infection, but the researchers suggest that not much “validation” is going on, given that the malware activated immediately on the burner phone they used, and stayed active throughout their tests.

The malware doesn't just violate your security, it more or less destroys it:

binding a shell on all available interfaces will obviously make it accessible to anyone who is sharing at least a local network with an infected device. For example, if an infected device is connected to a public Wi-Fi network any other host will be able to obtain a terminal on the device without any form of authentication or verification by simply connecting to the port.

If the mobile operator doesn't enforce proper client isolation, it is possible that the infected devices are also exposed to the rest of the cellular network.

Obviously, this inevitably leaves the device open not only to further compromise but to data tampering as well.

Google indicated that all downloads of the malware were from Italy.
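
As an added illustration (not from the submission or the linked reports), a defender can spot the exposure described above, a TCP listener bound to all interfaces instead of loopback, by parsing the Linux/Android `/proc/net/tcp` table. The sample table is constructed and the function names are hypothetical.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the report):
# one loopback-only listener, one wildcard listener, one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10234        0 41002 1 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:9C40 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10234        0 41003 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # socket state code the kernel prints for listening sockets


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ipv4, port)."""
    hex_addr, hex_port = field.split(":")
    # The address is a 32-bit value printed in host byte order; this assumes
    # a little-endian host, which covers ARM and x86 Android devices.
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)


def exposed_listeners(proc_net_tcp):
    """Return listening IPv4 sockets reachable from outside the device."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or not cols[0].endswith(":"):
            continue  # malformed or truncated row
        if int(cols[3], 16) != TCP_LISTEN:
            continue  # only listeners matter here
        addr, port = decode_endpoint(cols[1])
        if addr.startswith("127."):
            continue  # loopback-only: not reachable by other hosts
        # On Android, UIDs from 10000 upward belong to installed apps,
        # so the uid column points at the owning package.
        findings.append({"addr": addr, "port": port, "uid": int(cols[7])})
    return findings


if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print("listener on {addr}:{port} owned by uid {uid}".format(**f))
```

On a real device the input would be the contents of `/proc/net/tcp`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.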
