The enemy in your pocket. Can you prevent your smartphone from spying on you?

June 28, 2018 | By CTRL Team

Your smartphone is your best friend and assistant. But within a few minutes it can turn into an insidious betrayer. Then it begins tracking every move you make, catching every word you say or write, and passing this information to your adversaries. Your messages, pictures, projects, business and private talks and all other secrets get into the hands of … actually, anybody who sees you as a target. Cybercriminals, bandits, competitors, jealous spouses or intelligence agencies: the list can be endless.

But how do they do that?

By using special spying programs that can be installed on your smartphone within a few minutes. These programs are openly sold via the Internet and positioned as software for “good purposes”: for parents to monitor their children's activities, for businessmen to track what their employees do, for spouses to catch a cheating partner… Of course, in most countries such activity is itself considered illegal. But despite that, such programs can be widely used for even more obvious crimes: stealing information from business competitors, or helping criminals prepare to strike a victim.

Comodo Threat Research Labs analysts examined some of the most popular spying programs in depth, so you’ll be able to see with your own eyes how exactly the mobile spyware works and what it does after penetrating your smartphone.

SpyHide

This spyware monitors and records many processes on the victim’s smartphone: calls made and received, the real-time GPS location of the phone, SMS, etc. It has access to the entire contacts list and the photos stored on the phone. It’s completely hidden from the smartphone owner. To get the stolen information, the attacker needs to connect and log in to the spyware server.

If you wish to look under the hood, here you are. The list below demonstrates the harm SpyHide can do to you. All strings clearly speak for themselves.

SpyHide records and maintains events from the following list:

EVENT_AMBIENT_RECORD_LOG = "event_ambient_record_active";

EVENT_CALL_LOG = "event_call_log";

EVENT_CONTACT_LOG = "event_contact_log";

EVENT_CORE_APP = "event_core_app";

EVENT_GPS_LOG = "event_gps_log";

EVENT_HAS_CONNECTED = "event_has_connected";

EVENT_PHOTO_LOG = "event_photo_log";

EVENT_SMS_INCOMING_LOG = "event_sms_log";

EVENT_SMS_OUTGOING_LOG = "event_sms_outgoing_log";

EVENT_SYNC_AND_FLUSH = "event_sync_and_flush";

SpyHide sends stolen information to the following remote servers:

DEFAULT_DATA_SERVER = "flushdataxx.vixxis.net/client";

DEFAULT_DATA_SERVER_NO_PROXY = "flushdataxx.hexxspy.com";

String DEFAULT_WEBSITE = "www.vixxis.net/client";

SpyHide extracts your data about calls, SMS, email, WhatsApp history and the websites you visited, as well as your contact database and your locations:

PATH_BACKUP_FILE_CALL = "/call/";

PATH_BACKUP_FILE_CONTACT = "/contact/";

PATH_BACKUP_FILE_GPS = "/gps/";

PATH_BACKUP_FILE_SMS = "/sms/";

PATH_BACKUP_FILE_URL = "/url/";

PATH_BACKUP_FILE_WHATSAPP = "/whatsapp/";

PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + "/BackupEmail/";

It sends all backups to a remote server and can download files from there:

URL_APP = "/LogApp";

URL_CALL = "/LogCall";

URL_CALL_EX = "/LogListCall";

URL_CHECK_DEVICE_REGISTERED = "/CheckDeviceExist";

URL_CHECK_LOGIN = "/CheckAccount";

URL_CONTACT = "/LogContact";

URL_CONTACT_EX = "/LogListContact";

URL_DOWNLOAD_AMBIENT = "http://virsis.net/client/downloads/";

URL_EMAIL = "/LogEmail";

URL_GETSETTING = "/GetSetting";

URL_GPS = "/LogGps";

URL_GPS_EX = "/LogListGps";

URL_LOG_DATA = "/LogDataEx";

URL_PHOTO = "/UploadPhoto";

URL_PROTOCOL = "/DataService.svc";

URL_RECORD_CALL = "/UploadRecordCall";

URL_REGISTER_DEVICE = "/Create";

URL_SEND_DEVICE_TOKEN = "/SendDeviceToken";

URL_SEND_GCM_REG_ID = "/RegGcm";

URL_SEND_PHONE_INFO = "/UpdatePhoneInfo";

URL_SMS = "/LogSms";

URL_SMS_EX = "/LogListSms";

URL_SYNC = "/DataService.svc";

URL_SYNCSETTING = "/SyncSetting";

URL_SYNC_NOW = "/GetSettingNow";

URL_URL = "/LogUrl";

URL_URL_EX = "/LogListUrl";

rtmpUrl = "rtmp://virsis.net/client:1xx5/live";

HelloSpy

HelloSpy positions itself as “a best cell phone tracking and monitoring software for iPhone and Android Phone. Once installed on the target phone you will be able to monitor and record all calls made and received, real-time GPS location of the phone, track and record text messages (SMS), have access to the entire contacts list and photos stored on the phone and much more. FREE mobile spyware application satisfies all needs for spy, hacking and backing up the data for any smartphones”. (The descriptive quotes here and below are taken from the websites of the spyware.)

And here is what HelloSpy can do with your phone:

It can intercept and keep your calls, SMS, every photo you take, etc.:

EVENT_AMBIENT_RECORD_LOG = “event_ambient_record_active”;

EVENT_CALL_LOG = “event_call_log”;

EVENT_CONTACT_LOG = “event_contact_log”;

EVENT_CORE_APP = “event_core_app”;

EVENT_GPS_LOG = “event_gps_log”;

EVENT_HAS_CONNECTED = “event_has_connected”;

EVENT_PHOTO_LOG = “event_photo_log”;

EVENT_SMS_INCOMING_LOG = “event_sms_log”;

EVENT_SMS_OUTGOING_LOG = “event_sms_outgoing_log”;

EVENT_SYNC_AND_FLUSH = “event_sync_and_flush”;

It communicates with remote servers:

DEFAULT_DATA_SERVER = “flushdatxx.hellospy.com”;

DEFAULT_DATA_SERVER_NO_PROXY = “flushdatxx.hellospy.com”;

DEFAULT_WEBSITE = “www.hellospy.com”;

It gets and maintains sensitive data like calls, contacts, location, messages, and websites you visited:

PATH_BACKUP_FILE_CALL = “/call/”;

PATH_BACKUP_FILE_CONTACT = “/contact/”;

PATH_BACKUP_FILE_GPS = “/gps/”;

PATH_BACKUP_FILE_SMS = “/sms/”;

PATH_BACKUP_FILE_URL = “/url/”;

PATH_BACKUP_FILE_WHATSAPP = “/whatsapp/”;

PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + “/BackupEmail/”;

It sends the collected backups to a remote server and makes downloads from there:

URL_APP = “/LogApp”;

URL_CALL = “/LogCall”;

URL_CALL_EX = “/LogListCall”;

URL_CHECK_DEVICE_REGISTERED = “/CheckDeviceExist”;

URL_CHECK_LOGIN = “/CheckAccount”;

URL_CONTACT = “/LogContact”;

URL_CONTACT_EX = “/LogListContact”;

URL_DOWNLOAD_AMBIENT = “http://hellospyxx.com/downloads/”;

URL_EMAIL = “/LogEmail”;

URL_GETSETTING = “/GetSetting”;

URL_GPS = “/LogGps”;

URL_GPS_EX = “/LogListGps”;

URL_LOG_DATA = “/LogDataEx”;

URL_PHOTO = “/UploadPhoto”;

URL_PROTOCOL = “/DataService.svc”;

URL_RECORD_CALL = “/UploadRecordCall”;

URL_REGISTER_DEVICE = “/Create”;

URL_SEND_DEVICE_TOKEN = “/SendDeviceToken”;

URL_SEND_GCM_REG_ID = “/RegGcm”;

URL_SEND_PHONE_INFO = “/UpdatePhoneInfo”;

URL_SMS = “/LogSms”;

URL_SMS_EX = “/LogListSms”;

URL_SYNC = “/DataService.svc”;

URL_SYNCSETTING = “/SyncSetting”;

URL_SYNC_NOW = “/GetSettingNow”;

URL_URL = “/LogUrl”;

URL_URL_EX = “/LogListUrl”;

rtmpUrl = “rtsp://hellospyxx.com:1xx5/live”;

Also, it’s able to stream video and audio.

MobiiSpy

This spyware monitors “user activities in the background of the target phone including tracker mobile GPS location, call logs, spy calls, spy on text messages, monitor web history, pictures, spy on WhatsApp messages, Facebook messages, Viber messages and more”.

It can record and maintain events from the following list:

EVENT_AMBIENT_RECORD_LOG = “event_ambient_record_active”;

EVENT_CALL_LOG = “event_call_log”;

EVENT_CONTACT_LOG = “event_contact_log”;

EVENT_CORE_APP = “event_core_app”;

EVENT_GPS_LOG = “event_gps_log”;

EVENT_HAS_CONNECTED = “event_has_connected”;

EVENT_PHOTO_LOG = “event_photo_log”;

EVENT_SMS_INCOMING_LOG = “event_sms_log”;

EVENT_SMS_OUTGOING_LOG = “event_sms_outgoing_log”;

EVENT_SYNC_AND_FLUSH = “event_sync_and_flush”;

It communicates with remote servers:

DEFAULT_DATA_SERVER = “http://webccservicesxx.mobiispy.com”;

DEFAULT_DATA_SERVER_NO_PROXY = “http://webccservicesxx.mobiispy.com”;

DEFAULT_WEBSITE = “www.hellospy.com”;

It extracts and maintains sensitive data from a victim’s mobile:

PATH_BACKUP_FILE_CALL = “/call/”;

PATH_BACKUP_FILE_CONTACT = “/contact/”;

PATH_BACKUP_FILE_GPS = “/gps/”;

PATH_BACKUP_FILE_SMS = “/sms/”;

PATH_BACKUP_FILE_URL = “/url/”;

PATH_BACKUP_FILE_WHATSAPP = “/whatsapp/”;

PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + “/BackupEmail/”;

It sends all backups to a remote server and can make downloads from there:

URL_APP = “/LogApp”;

URL_CALL = “/LogCall”;

URL_CALL_EX = “/LogListCall”;

URL_CHECK_DEVICE_REGISTERED = “/CheckDeviceExist”;

URL_CHECK_LOGIN = “/CheckAccount”;

URL_CONTACT = “/LogContact”;

URL_CONTACT_EX = “/LogListContact”;

URL_DOWNLOAD_AMBIENT = “http://hellospwwy.com/downloads/”;

URL_EMAIL = “/LogEmail”;

URL_GETSETTING = “/GetSetting”;

URL_GPS = “/LogGps”;

URL_GPS_EX = “/LogListGps”;

URL_LOG_DATA = “/LogDataEx”;

URL_PHOTO = “/UploadPhoto”;

URL_PROTOCOL = “/DataService.svc”;

URL_RECORD_CALL = “/UploadRecordCall”;

URL_REGISTER_DEVICE = “/Create”;

URL_SEND_DEVICE_TOKEN = “/SendDeviceToken”;

URL_SEND_GCM_REG_ID = “/RegGcm”;

URL_SEND_PHONE_INFO = “/UpdatePhoneInfo”;

URL_SMS = “/LogSms”;

URL_SMS_EX = “/LogListSms”;

URL_SYNC = “/DataService.svc”;

URL_SYNCSETTING = “/SyncSetting”;

URL_SYNC_NOW = “/GetSettingNow”;

URL_URL = “/LogUrl”;

URL_URL_EX = “/LogListUrl”;

rtmpUrl = “rtsp://hellospy.com:1xx5/live”;

It’s also able to stream video and audio.

1TopSpy

1TopSpy “works by tracking and monitoring all activity in the background of the target phone including track GPS location, spy on text messages, web history, images, calls logs and spy call recording, spy on Whatsapp, Viber, Facebook messages, Snapchat, Line, BBM messages and much more”.

It can record and maintain events from the following list:

EVENT_AMBIENT_RECORD_LOG = “event_ambient_record_active”;

EVENT_CALL_LOG = “event_call_log”;

EVENT_CONTACT_LOG = “event_contact_log”;

EVENT_CORE_APP = “event_core_app”;

EVENT_GPS_LOG = “event_gps_log”;

EVENT_HAS_CONNECTED = “event_has_connected”;

EVENT_PHOTO_LOG = “event_photo_log”;

EVENT_SMS_INCOMING_LOG = “event_sms_log”;

EVENT_SMS_OUTGOING_LOG = “event_sms_outgoing_log”;

EVENT_SYNC_AND_FLUSH = “event_sync_and_flush”;

1TopSpy communicates with remote servers:

DEFAULT_DATA_SERVER = “http://flushdatxx.1topssspy.com”;

DEFAULT_DATA_SERVER_NO_PROXY = “http://flushdatxx.1topssspy.com”;

DEFAULT_WEBSITE = “www.hellospy.com”;

1TopSpy extracts information about calls, SMS, contacts, database, emails, visited websites:

PATH_BACKUP_FILE_CALL = “/call/”;

PATH_BACKUP_FILE_CONTACT = “/contact/”;

PATH_BACKUP_FILE_GPS = “/gps/”;

PATH_BACKUP_FILE_SMS = “/sms/”;

PATH_BACKUP_FILE_URL = “/url/”;

PATH_BACKUP_FILE_WHATSAPP = “/whatsapp/”;

PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + “/BackupEmail/”;

It sends all backups to the remote server and can download files from there:

URL_APP = “/LogApp”;

URL_CALL = “/LogCall”;

URL_CALL_EX = “/LogListCall”;

URL_CHECK_DEVICE_REGISTERED = “/CheckDeviceExist”;

URL_CHECK_LOGIN = “/CheckAccount”;

URL_CONTACT = “/LogContact”;

URL_CONTACT_EX = “/LogListContact”;

URL_DOWNLOAD_AMBIENT = “http://hellospwwy.com/downloads/”;

URL_EMAIL = “/LogEmail”;

URL_GETSETTING = “/GetSetting”;

URL_GPS = “/LogGps”;

URL_GPS_EX = “/LogListGps”;

URL_LOG_DATA = “/LogDataEx”;

URL_PHOTO = “/UploadPhoto”;

URL_PROTOCOL = “/DataService.svc”;

URL_RECORD_CALL = “/UploadRecordCall”;

URL_REGISTER_DEVICE = “/Create”;

URL_SEND_DEVICE_TOKEN = “/SendDeviceToken”;

URL_SEND_GCM_REG_ID = “/RegGcm”;

URL_SEND_PHONE_INFO = “/UpdatePhoneInfo”;

URL_SMS = “/LogSms”;

URL_SMS_EX = “/LogListSms”;

URL_SYNC = “/DataService.svc”;

URL_SYNCSETTING = “/SyncSetting”;

URL_SYNC_NOW = “/GetSettingNow”;

URL_URL = “/LogUrl”;

URL_URL_EX = “/LogListUrl”;

rtmpUrl = “rtsp://hellospy.com:1xx5/live”;

Here is the consolidated table of the analyzed malware. The arrows point to common features of the spyware types.

[Image: consolidated table of the spyware types]
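Because all four samples carry the same event names, endpoint paths and backup paths, those constants can be used as a static triage signature for an app package. The Python sketch below is an added example, not code from Comodo or from the spyware; the function names, the per-category thresholds and the sample APK are assumptions constructed for illustration.

```python
import io
import zipfile

# Strings copied from the constant lists on this page; all four samples share them.
INDICATORS = {
    "event": ["event_ambient_record_active", "event_call_log", "event_contact_log",
              "event_gps_log", "event_photo_log", "event_sms_outgoing_log",
              "event_sync_and_flush"],
    "endpoint": ["/LogListCall", "/LogListContact", "/LogListGps", "/LogListSms",
                 "/LogListUrl", "/UploadRecordCall", "/CheckDeviceExist",
                 "/SendDeviceToken", "/GetSettingNow", "/DataService.svc"],
    "backup_path": ["/BackupEmail/", "/whatsapp/", "/contact/", "/gps/"],
}
# Assumed thresholds: short paths such as "/gps/" also occur in benign apps,
# so every category must agree before the app is flagged.
MIN_HITS = {"event": 4, "endpoint": 5, "backup_path": 2}


def hits_in_blob(blob: bytes) -> dict:
    """Indicators present in blob, stored either as ASCII or as UTF-16LE."""
    return {cat: [s for s in strings
                  if s.encode("ascii") in blob or s.encode("utf-16-le") in blob]
            for cat, strings in INDICATORS.items()}


def triage_apk(apk_bytes: bytes) -> dict:
    """Scan every classes*.dex in an APK and return the hits plus a verdict."""
    merged = {cat: set() for cat in INDICATORS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                for cat, found in hits_in_blob(apk.read(name)).items():
                    merged[cat].update(found)
    flagged = all(len(merged[c]) >= MIN_HITS[c] for c in INDICATORS)
    return {"hits": {c: sorted(v) for c, v in merged.items()}, "flagged": flagged}


def build_sample_apk(strings) -> bytes:
    """Constructed test input: a ZIP whose classes.dex holds NUL-separated strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"\x00".join(s.encode("ascii") for s in strings))
    return buf.getvalue()


if __name__ == "__main__":
    family = [s for group in INDICATORS.values() for s in group]
    print(triage_apk(build_sample_apk(family))["flagged"])
    print(triage_apk(build_sample_apk(["/gps/", "/contact/"]))["flagged"])
```

A build that encrypts or obfuscates its strings will not match, so a clean result from this check only rules out unmodified copies of this code base.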

Some interesting nuances usually go unnoticed but are definitely worth mentioning. First, the spyware can not only upload a victim’s files to the server but also download files to the victim’s device. This can be used to compromise a victim by downloading incriminating data such as child pornography or secret documents to frame the person. Second, all stolen data is sent to the server, so not only the attacker but also the software and server owners can get access to the data, as can anyone who is able to hack the server. Third, as the spyware is able to turn on the microphone and camera, it allows wiretapping not only the device owner but also everyone in the vicinity.

As you can see, mobile spying is a serious threat that is dangerous in multiple ways.

How can you prevent it?

The internet is overflowing with advice on how to detect spyware on your smartphone. But in reality, much of it is useless or unimplementable. The only guaranteed way to locate spyware is an in-depth examination of the mobile device by a security specialist. So, if you’re not one, you can hardly detect the spyware. Antivirus solutions also often fail to detect it.

That’s the bad news.

But the good news is that you can prevent infecting your smartphone in 4 easy steps:

1. Always lock your device with a strong password or six-digit PIN and never tell it to anyone. Then, even if your smartphone gets into the hands of attackers, they won’t be able to install spyware on it. Surprisingly, about 95% of users don’t lock their mobile devices at all!

2. Never use a jailbroken iPhone or a rooted Android device.

3. Never click on unknown links in emails, SMS or messengers.

4. Download applications only from Apple Store or Google Play.

Live secure with Comodo!
