Android warning: terrifying malware can spy on you right now

Android fans have been put on alert about a new strain of malware which can spy on you and record what you're doing at this very moment. The malware can carry out a range of nefarious

surveillance tasks such as intercepting text messages as well as audio and screen recording. The software, dubbed HeroRat, can also control a device's settings, obtain a user's

location as well as make calls and tap into your contacts. The malware was discovered by security experts at ESET and it tries to trick victims into downloading it with lofty promises. It

poses as an application that can allegedly offer victims free Bitcoin, more social media followers or free internet connections. Once downloaded it then leverages the bot functionality of

the hugely popular Telegram app to control the device. Telegram has 200million monthly users. In a blog post outlining how the malware works, ESET researcher Lukas Stefanko wrote:

"Having gained access to the victim’s device, the attacker then leverages Telegram’s bot functionality to control the newly listed device. "Each compromised device is controlled

via a bot, set up and operated by the attacker using the Telegram app. "The malware has a wide array of spying and file exfiltration capabilities, including intercepting text messages

and contacts, sending text messages and making calls, audio and screen recording, obtaining device location, and controlling the device’s settings." Stefanko added: "The malware’s

capabilities are accessible in the form of clickable buttons in the Telegram bot interface. "Attackers can control victimised devices by simply tapping the buttons available in the

version of the malware they are operating." The ESET malware researcher added that the malware has not been seen on the Google Play Store and so far has mainly been distributed in Iran.

Speaking about the threat to Cyberscoop, Telegram said: “This [malware] doesn’t target Telegram users specifically, merely uses the Telegram bot API to communicate with its owner. "See

the ‘How to stay safe’ section in the article for protection tips. (In a word: Don’t install apps from unknown sources).” Stefanko added that one of the best ways to stay safe from Android

malware it to stick to the official Google Play Store. He wrote: "To avoid falling victim to Android malware, stick to the official Google Play store when downloading apps, make sure to

read user reviews before downloading anything to your device and pay attention to what permissions you grant to apps both before and after installation." Last week Express.co.uk

reported on a new 'Frankenstein' virus that combines the worst features of different malware to form a dangerous threat. Dubbed MysteryBot, the malware blends features of

ransomware, keyloggers and banking trojans to create a virus that can attack on many fronts. Security researchers from ThreatFabric discovered the malware, and said it appears to be related

to the well-known LokiBot Android banking trojan. MysteryBot is capable of taking control of infected devices, with the ability to read messages, gather contact information and steal

sensitive e-mails. While Android malware tends to attack older versions of the Google mobile OS, MysteryBot can target recent pieces of software like Android 7 and Oreo. It uses an overlay

screen to display fake login pages on top of legitimate apps for the Google mobile OS, so cybercriminals can steal sensitive user credentials. MysteryBot also has a unique keylogger feature.

Other malware takes screenshots the moment a user presses a key on the touch-based keyboard to figure out what the user is typing. Whereas MysteryBot records the location of a touch gesture

instead. It then tries to guess what the user has pressed based on points users touched the screen and the positioning of the virtual keyboard. MysteryBot also has a ransomware module which

means it can encrypt files and then store them in a password protected ZIP archive. ThreatFabric said the current versions of MysteryBot they have spotted have been designed as a Flash

Player app for Android.