Malware researchers at Palo Alto Networks have spotted a new Android Trojan, dubbed SpyDealer, that can intercept data from more than 40 applications.
User data is exfiltrated by abusing the Android accessibility service feature, and the Trojan uses exploits from a commercial rooting app to gain root access to the targeted Android device for data theft.
SpyDealer exfiltrates data from apps like WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
SpyDealer performs very sophisticated hijacking attacks against infected users, and it also takes advantage of rooting applications such as “Baidu Easy Root” to gain root access on the targeted victims' devices.
Once SpyDealer is successfully installed on an Android device, it automatically hides its icon on the infected device, and it has two broadcast receivers that listen for events such as device boot-up and changes in network connection status.
SpyDealer's initial infection vector has not yet been identified, but Palo Alto Networks believes that the initial infection occurs through a compromised wireless network.
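For defenders triaging APKs, the traits described above (broadcast receivers for boot and network events, plus use of the accessibility service) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from Palo Alto Networks or from the malware; it assumes the events map to the standard `BOOT_COMPLETED` and `CONNECTIVITY_CHANGE` actions, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the "boot" and "network status" events are these standard Android actions.
BOOT = "android.intent.action.BOOT_COMPLETED"
NET = "android.net.conn.CONNECTIVITY_CHANGE"
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (already decoded to text XML), not from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application>
    <receiver android:name=".BootRx">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".NetRx">
      <intent-filter><action android:name="android.net.conn.CONNECTIVITY_CHANGE"/></intent-filter>
    </receiver>
    <service android:name=".A11ySvc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return receivers per trigger, accessibility services, and a review flag."""
    root = ET.fromstring(manifest_xml)
    triggers = {BOOT: [], NET: []}
    for rx in root.iter("receiver"):
        name = rx.get(ANDROID_NS + "name", "?")
        for action in rx.iter("action"):
            act = action.get(ANDROID_NS + "name")
            if act in triggers:
                triggers[act].append(name)
    a11y = [s.get(ANDROID_NS + "name", "?") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == A11Y_PERM]
    return {
        "boot_receivers": triggers[BOOT],
        "network_receivers": triggers[NET],
        "accessibility_services": a11y,
        # Each trait is common in benign apps; only the combination raises review priority.
        "review": bool(triggers[BOOT] and triggers[NET] and a11y),
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The `review` flag is a prioritisation hint for manual analysis, not a verdict, since many legitimate apps declare the same components.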