Trend Micro finds new mobile malware masquerading as a chat app

It looks like the company found the malware before any victims were hit.

A new kind of mobile malware that can steal victims’ personal information, including files and location data, is hidden under the guise of a chat app, according to new research from Trend Micro.

Since May, the new mobile malware, which Trend Micro dubs CallerSpy, has appeared on multiple occasions on the phishing site http://gooogle[.]press, imitating apps such as Chatrious and Apex App. All users have to do to get infected is click the download button on the site, and then the spyware monitors for commands from the attackers’ command and control server.

It appears to only target Android users for now, according to Trend Micro. The company has not discovered any victims, according to its research.

CallerSpy, which Trend Micro assesses is a targeted espionage campaign, can collect call logs, text messages, contacts, and files from victims. It can also take screenshots and send them back to the command and control server, record audio information, and track an infected device’s location, raising concerns about vulnerable populations that could be unwittingly tracked by this spyware.


It is unclear what actors may be behind this new CallerSpy activity, but it is apparent that they have made efforts to obfuscate their identities by making their domain registrant information untraceable, according to Trend Micro. They have also worked to lull victims into a false sense of security — the domain gooogle[.]press imitates Google and comes with an imitation copyright logo to better dupe users into downloading the spyware.

The new spyware has surfaced just as China has been using mobile malware to conduct mass surveillance and human rights abuses against its Muslim Uighur population in Xinjiang, according to Human Rights Watch and multiple cybersecurity firms. The Chinese government has, for instance, ordered security officials to monitor users of an app called Zapya, which allows users to exchange messages and share the Quran, according to files obtained by the International Consortium of Investigative Journalists.

Chat apps are particularly crucial modes of communication for populations that governments view as political opponents or threats, especially as governments take actions that could push vulnerable populations to seek less mainstream methods of communicating in the face of surveillance. China recently labeled 51 different networking activities as suspicious, including using encrypted communications apps like WhatsApp, as it determines which citizens to detain, which could push Uighurs to seek alternative communications platforms.

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.
