Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Italian Government Exodus Malware Found Within App on Google Play Store

April 23, 2019

Spyware and malware continue to plague app stores, on both Android and iOS devices. Recently, Lisa Vaas of Naked Security, a blog by the cybersecurity company Sophos, reported on government spyware hidden within apps available on the Google Play store. This, as we suspected, is a fairly common occurrence within app stores. Research into the Google Play store a few months ago turned up 18,000 applications that were bypassing the Advertising ID system and collecting additional data from users’ smartphones that could not be blocked or reset. Google had already removed more than 700,000 bad applications from its Play store in 2018.

In this particular instance of spyware found on the Google Play store, the app is reported to have originated from the Italian government, which allegedly purchased it from a surveillance company. Luckily, there have only been a few dozen downloads of the app, all within Italy. For those interested, the app was named Exodus.

The Exodus malware works in stages. The first stage is a decoy: the malware poses as a seemingly harmless application while it downloads and executes a malicious payload, which installs additional programs that run in the background of the device. Stage two handles the collection and exfiltration of user data.

We are grateful that applications like this continue to be caught, and luckily, before this one had the chance to be installed by a large number of people.

This also reinforces the lesson of being cautious about which applications you download and install on your electronic devices, as you cannot be too safe.
