Researchers at Trend Micro have discovered it in two different apps so far: Chatrious and the Apex App. Chatrious has since vanished from Google’s Play Store, but at the time this piece was written, the Apex App is still available for download.
If you have either of these, you should delete them immediately.
In both strains unearthed so far, when a user downloads the app and launches it, the program will quietly connect to a command and control server. It will then begin rooting around in the device the app is installed on, collecting contact lists, text messages, call logs and any files stored locally on the device.
In addition to that, the malware can activate the device’s microphone to create audio recordings to be sent to the command and control server, and it is capable of taking screenshots of anything displayed on the device.
The app has only been found on the Play Store at this point. However, an analysis of the code reveals that the person or group behind it has already built in hooks that would make it capable of attacking iOS and Windows-based machines. The researchers fear that this malware is in an early stage of development. What they found in the code points to this being the leading edge of a much larger and more widespread attack.
In addition to its being a potentially devastating piece of malware, the researchers indicated that this code would be perfect for conducting highly advanced cyberespionage campaigns. That is, given that high ranking corporate and government employees have such a wealth of information on their phones and almost always keep them close at hand. The ability to make recordings of things going on in the immediate vicinity of the infected device could lead to no end of trouble.
In any case, if you have either of the apps mentioned above installed on your phone, delete them immediately. Trend Micro has promised further updates about this latest malware threat as they get them.