Google has removed four malicious apps from its official Play Store after security researchers from Lookout found them to be infected with a piece of spyware capable of stealing a "significant amount" of personal data from a user's infected device. The spyware, dubbed Overseer, is capable of harvesting a host of sensitive user information, including the user's name, phone number, email and contact history.
It could also steal a slew of device data such as its precise location, including latitude and longitude, network ID, free internal and external memory, phone type, network operator, device and Android information, device IMEI, IMSI, MCC, MNC and details about installed packages.
"Overseer interested us for a few reasons. First, it targets foreign travelers, with its core functionality of searching for the embassies' locations. For example, enterprise executives could be impacted by Overseer if they had downloaded the Embassy app during business travel," Lookout director Kristy Edwards and security analyst Michael Flossman wrote in a blog post published on 16 September.
While one of the infected apps discovered was an Embassy search tool designed to help travellers find embassies when abroad, the malware was also detected as a trojan in Russian and European news-related applications for Android.
Because it ran on Facebook's Parse Server, which is hosted on Amazon Web Services, the malware's command and control (CNC) server could use HTTPS and a US-based presence on a popular cloud service to remain essentially hidden: its traffic appeared to be legitimate and was less likely to be detected.
Lookout researchers did not specify how many downloads each infected app garnered or how many devices were estimated to have been infected. Google has removed the malware-ridden apps from the Google Play Store after Lookout notified the company.