Android spyware targets business executives. From HelpNetSecurity.
Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company.
The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.
They don’t say how the malicious app – a piece of commercial spyware they dubbed Exaspy – found its way onto the victim’s phone, but chances are someone took advantage of the physical access they had to the device to do the dirty deed.