Hackers know which applications most users download to their mobile phones, including social networks and messaging apps, and they try to use many of these well-known applications to install their malware.
This is exactly what a new piece of malware called Dracarys does. It is capable of automatically clicking and granting certain permissions without user consent, and it is being distributed in fake Telegram, WhatsApp, YouTube and Signal apps to fool users more easily.
To gain certain permissions, the malware asks to use accessibility services, which could end up automatically clicking on the screen interface and gaining access to many other features of the phone.
Once the user’s device is infected, the malware can access the call log, contacts, files, text messages, geolocation and device information, take pictures, enable the microphone and install other malicious applications, Meta points out, via BleepingComputer.
According to Meta, this malware, due to its infrastructure, “has not been detected by existing antivirus systems”, so it can go unnoticed.
One of the ways these well-known applications are distributed with malicious code is through phishing pages that resemble the official download portals for these applications.
This happens especially with Signal, since its source code is available to the public, so the hackers have created a version of the application with all the usual features but with the malware in its code.
Once the malicious application is installed, it asks for access to a series of permissions that users accept, most of them without reading what they are actually granting on their phone.
In addition to the above, researchers have found that the malware takes screenshots, records audio and uploads media to a server controlled by hackers.
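The combination described above, an accessibility service plus broad data permissions, can be checked statically when triaging an app. This added example (not from the article or from Meta's report) parses a decoded AndroidManifest.xml and flags an app that declares an accessibility service and also requests several of the capabilities listed; the permission mapping, the threshold of 4 and the sample manifest are assumptions made here.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
# Labels follow the article's capability list; the permission mapping is this example's assumption.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.READ_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "geolocation",
    "android.permission.CAMERA": "take pictures",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def triage_manifest(manifest_xml, threshold=4):
    """Flag for review: accessibility service declared AND >= threshold sensitive permissions."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    capabilities = sorted(SENSITIVE[p] for p in requested & set(SENSITIVE))
    services = [
        svc.get(A + "name") for svc in root.iter("service")
        if svc.get(A + "permission") == BIND_A11Y
        and any(a.get(A + "name") == A11Y_ACTION for a in svc.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        "capabilities": capabilities,
        "review": bool(services) and len(capabilities) >= threshold,
    }

# Constructed sample manifest in decoded (text) form; not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.messenger.repack">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A flag from this check is a reason to review the app, not proof of malice: legitimate assistive apps also declare accessibility services.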