Researchers Unveil More Details On How Hackers Are Installing Android’s Latest Spyware 'Dracarys'

A new report by researchers at Cyble has uncovered some previously unreported details about the latest Android malware, called Dracarys.

According to the report, attackers are using a modified Signal application to install the spyware, which is notably used by a group known as Bitter APT. That group has conducted several cyber-espionage campaigns so far.

Targets identified so far include users based in Pakistan, the UK, India, and New Zealand.

This malware was first noticed and reported by Meta in its Q2 threat report for this year, which described in detail how the spyware could steal user data, track the victim's location, and activate the microphone to capture sensitive information.

The report referred to here comes from Cyble, a leading cyber intelligence organization, and presents technical findings that no one had previously highlighted.

The findings on Dracarys were first shared exclusively with the media outlet Bleeping Computer, which examined the inner workings of this threat in detail.

Meta had previously described trojanized versions of popular apps such as YouTube, Telegram, and WhatsApp. Cyble, however, reports that it observed a trojanized version of only one app: Signal.

The attackers reached victims through phishing pages that presented the modified Signal app as a legitimate download. Cyble's report also identifies the domain that was used.

The biggest drawback for Signal here is that its source code is open, so the attackers could easily take it and build a new version that kept the same features and all of the usual functionality.

With the Dracarys malware added on top, the result was a complete, working messaging application that also carried the spyware.

At installation, users were asked to grant permissions for the camera, microphone, contacts, text messages, calls, location, and writing to storage. While that sounds like a lot and fairly risky, it is quite normal for chat apps to request the same.

Beyond that, Dracarys was also seen abusing the device's Accessibility Services so that it could auto-grant itself additional permissions. Even with the app closed, it kept running in the background and, without the user noticing, clicked through screens on the user's behalf despite no interaction with the app.

Once launched, Dracarys connects to Firebase servers, from which it receives commands specifying which data to collect from the particular device, and then steals that data.

The report lists the types of data it was known to extract: files, contact lists, call logs, GPS position, SMS messages, and the list of installed apps. It could also capture device screenshots, upload media files, and access and record audio.

Now that we know how significant of a threat it is, how can we stay safe?

The research report advises being wary of any suggestion to install chat apps that market themselves as especially safe, and, if you do plan to install one, to use the Play Store only.

Next, always be mindful of the permissions you grant an app. Keep an eye on your device's battery and data usage as well; unexplained consumption can reveal an app that is still working in the background.
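Two of the warning signs above, an app that did not come from the Play Store and an app holding Accessibility Service access, can be checked from a connected device with adb. The script below is an added example and is not code from the article or from Cyble's report; it parses constructed sample output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, and the package name `sample.signal.clone` is a made-up stand-in for a sideloaded trojanized build.

```python
"""Triage check: apps with Accessibility Service access that were not installed from the Play Store.

Inputs are the raw text of two adb commands:
  adb shell pm list packages -i
  adb shell settings get secure enabled_accessibility_services
"""
PLAY_STORE = "com.android.vending"

# Constructed sample output (not real device data). "sample.signal.clone" is a
# placeholder for a sideloaded clone of a messaging app.
PM_LIST_OUTPUT = """\
package:com.android.vending  installer=null
package:org.thoughtcrime.securesms  installer=com.android.vending
package:sample.signal.clone  installer=null
package:com.google.android.marvin.talkback  installer=com.android.vending
"""
ENABLED_A11Y_OUTPUT = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "sample.signal.clone/.AccessService"
)


def parse_installers(pm_output: str) -> dict:
    """Map package name -> installer package; 'null' means sideloaded (adb, browser, file manager)."""
    installers = {}
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        parts = line[len("package:"):].split()
        installer = "null"
        for field in parts[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[parts[0]] = installer
    return installers


def parse_enabled_accessibility(setting: str) -> set:
    """Return the packages owning an enabled accessibility service.

    The setting is a colon-separated list of pkg/ServiceClass entries, or the literal 'null'.
    """
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}


def suspicious_accessibility_apps(pm_output: str, setting: str) -> list:
    """Flag (package, installer) pairs with accessibility access but no Play Store installer."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg, "unknown"))
            for pkg in sorted(parse_enabled_accessibility(setting))
            if installers.get(pkg, "null") != PLAY_STORE]


if __name__ == "__main__":
    for pkg, src in suspicious_accessibility_apps(PM_LIST_OUTPUT, ENABLED_A11Y_OUTPUT):
        print(f"{pkg}: accessibility service enabled, installer={src}")
```

A flagged package is a reason to review its permissions and remove it if it was not knowingly installed, not proof of infection on its own.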
