Signal has been known as one of the most popular apps that promote cybersecurity and encryption to help protect its users. Hackers, however, have been able to use the Dracarys spyware on a modified version of the app.
The Dracarys Android Spyware was Used by the Bitter APT Group
According to Bleeping Computer, researchers have been able to uncover details regarding the Dracarys Android spyware, which was just recently discovered. The spyware was used by the Bitter APT group "in cyberespionage operations."
It was noted that the Dracarys spyware was used to target users that were located in the United Kingdom, New Zealand, India, and even Pakistan. The spyware was first reported by Meta, previously Facebook, during its Q2 2022 adversarial threat report.
Meta Mentioned How the Spyware was Able of Different Malicious Activities
In the report, Meta mentioned how the spyware was capable of data-stealing, geo-locating, and even capable of activating users' microphones. Cyble, a cyber-intelligence firm, published a technical report on Dracarys.
As per Bleeping Computer, the technical report was shared exclusively with them and provided a deep dive into the spyware's inner workings. Although laced versions of Telegram, WhatsApp, and YouTube were mentioned by Meta, the investigation by Cyble only uncovered a "trojanized version of the Signal messaging app."
How Hackers were Able to Insert the Dracarys Malware in the Source Code
The hackers were able to send the app to victims through a phishing page that looked just like a genuine Signal download portal. The fake site used the domain "signalpremium.com."
Since Signal's source code is reportedly open source, the group was able to create a version that includes all of the usual features as well as the expected functionality. The threat actors, however, also added the Dracarys malware within the source code in the modified messaging app.
Malicious App is Capable of Gaining Access to Critical Information and Controls
The permissions that were requested when installing the malware include access to the users' contact list, camera, and microphone, SMS, read and write storage, the ability to make calls, and even the ability to know the users' precise location.
Despite being risky, the permissions are actually quite normal for chat apps which resulted in the malicious activity "unlikely to raise suspicion." The spyware reportedly also abuses the Accessibility Service in order to get auto-grant additional permissions.
Read Also: Former Twitter Employee Charged in SF Court for Espionage, Aiding Saudi Arabia and Other Charges
The Malicious App is Also Capable of Running in the Background
This also results in the malicious version of the app to continue running in the background despite the user closing the Signal app. This has raised its privileges and allowed the hackers to click on the screen despite no interaction from the user.
When launched, the spyware will reportedly connect to a Firebase server in order to get commands on what data the device should be able to collect from users. As per Bleeping computer, it is always important to be aware of where users download certain applications to avoid falling victim to malicious software.
Related Article: Apple iCloud Class Action Suit: Federal Court Approves $14 Million Settlement to Subscribers
This article is owned by Tech Times
Written by Urian B.