A recently identified Android malware described as an information stealer and spyware has broad monitoring capabilities that allow it to harvest and exfiltrate sensitive information from numerous applications. The malware is distributed disguised as the ‘Telegram Premium’ application, through a phishing website that mimics the legitimate RuStore application store. Once installed on the victim’s device, the dropper requests permissions to query and list all installed applications, to access and modify external storage, to delete and install applications, and to update applications without the user’s consent. The malware can harvest sensitive device information and messages, silently intercept and log USSD responses, track and manipulate USSD interactions, monitor clipboard and content sharing, monitor user engagement and ecommerce transactions, and monitor screen state changes and notifications for a broad range of applications.

Read more: https://www.securityweek.com/firescam-android-malware-packs-infostealer-spyware-capabilities/