New details of this malware
First reported a few weeks ago, Dracarys is a piece of malware that researchers are gradually learning more about as it spreads across Android phones in more countries. So far it has been detected in places such as New Zealand, India, Pakistan and the United Kingdom, so a rapid spread to our country as well should not be ruled out. This malware was first spotted by Meta in the second quarter of this year.
Even then, Meta warned that the malware could steal data, obtain the geolocation of victims, or activate the microphone of their phones to listen to them. Now the cyber-intelligence firm Cyble has published a technical report on Dracarys that gives more detail on how the malware works and, in particular, how it reaches our phones: they have discovered that it has been using trojanized versions of the popular messaging app Signal.
Cyble has found it only in this app, so this information would support that of Meta, which had also warned that the malware was found in versions of Telegram, WhatsApp or YouTube. The method used by the hackers was a web page that spoofed the look and feel of the Signal download page. Users who reached it through malicious links actually ended up downloading the Dracarys malware.
A well-executed plan
To do this, they had obtained the domain “signalpremium.com” so that the download would have some legitimacy in the eyes of victims. The image shared by the researchers shows that it was easy to be fooled into downloading the app, since the page's appearance was quite faithful to that of the real Signal app. As usual, once the malware is installed, it ends up obtaining important permissions on the phone in order to take control of it, such as access to the contact list, SMS messages, the camera or the microphone.
With all this, they have everything they need to steal our data, be it banking details, messages or media stored on the phone. The problem is that, when installing a messaging app, many of these permissions are ones it makes sense to grant, which hackers take advantage of, since victims see granting them as normal. So far it has been shown that Dracarys is capable of stealing the contact list, SMS data, call logs, the list of installed applications, files and the GPS position.
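Because the trojanized app asks for the same permissions a real messenger would, the download source is the more useful thing to check. The following is an added example, not taken from Cyble's report or from this article: it scans web proxy log lines for APK downloads from hosts that carry the name of one of the apps mentioned above but do not belong to that app's official domain. The log layout, client addresses, URL paths and the allowlist are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: official domains of the apps named in the article.
OFFICIAL = {
    "signal": {"signal.org"},
    "telegram": {"telegram.org"},
    "whatsapp": {"whatsapp.com"},
    "youtube": {"youtube.com"},
}

def base_domain(host):
    # Simplification: keep the last two labels. A production check
    # should use a public-suffix list instead.
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_url(url):
    """Return (brand, host) for an APK served by a brand look-alike host, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not parts.path.lower().endswith(".apk"):
        return None
    for brand, domains in OFFICIAL.items():
        # Brand name appears in the hostname, but the host is not the vendor's.
        if brand in host and base_domain(host) not in domains:
            return (brand, host)
    return None

def scan(log_lines):
    """Assumed line layout: '<timestamp> <client> <method> <url>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of failing
        hit = check_url(fields[3])
        if hit:
            hits.append((fields[1], *hit))
    return hits

# Constructed sample log; only the domain signalpremium.com comes from the article.
SAMPLE_LOG = [
    "2000-01-01T09:14:02Z 10.0.0.21 GET https://signal.org/constructed/Signal.apk",
    "2000-01-01T09:15:40Z 10.0.0.37 GET https://signalpremium.com/constructed/Signal.apk",
    "2000-01-01T09:16:11Z 10.0.0.37 GET https://signalpremium.com/index.html",
    "2000-01-01T09:17:55Z 10.0.0.44 GET https://example.com/files/report.pdf",
    "malformed line",
]

if __name__ == "__main__":
    for client, brand, host in scan(SAMPLE_LOG):
        print(f"{client} downloaded an APK from {host} (imitates {brand})")
```

A hit only means the download came from outside the vendor's domain; the device that made the request still has to be checked for the installed package.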