A new dangerous strain of Android malware called Android Spywaller is infecting Android smartphones and tablets in China.
Symantec has diagnosed a new form of spyware that is attacking phones and other Android devices in mainland China. They have designated this family of malware as Android Spywaller.
Android Spywaller masquerades as an app named “Google Service.” This is a red flag for two reasons – firstly, there is no official application released by Google under this name. Secondly, Google and all associated services, including the Google Play Store, are blocked in China without the usage of a VPN.
Since the official Google Play Store is blocked in China, many Android users in the country resort to the usage of third-party app stores to install applications. In many cases, these unofficial app stores are havens for malware, and pathways for Android Spywaller to be installed.
Once installed, Android Spywaller seeks to block all security applications using a firewall. Secondly, DroidWall is installed, which will block off any external cloud communication between security apps and their threat databases. Finally, there will be an attempt to root the device, making it easier to access information from it. Once these steps have been taken, this nefarious piece of malware will have access to a user’s Android phone and any data present on the device.
For the time being, Android Spywaller seems to be restricted to China – where infection rates remain low. This piece of malware is still quite frightening, Symantec reports it as, “The most comprehensive spyware” they have come across. This is a scary thought for those living in a land where a communications app is linked with banking information and used to pay for anything from online purchases to rent and utilities.
In order to avoid Android Spywaller infection, users are encouraged to avoid downloading apps from untrustworthy sources, to keep their software up to date, and to regularly scan their Android devices with security applications.