SangRyol Ryu, a researcher from McAfee’s Mobile Research, has reported on malware found on Android phones, called the SpyAgent group, that targets South Koreans and is spreading to the United Kingdom. The malware attempts to upload images to servers so that the text within the images can be read. The app functions like regular malware, capable of sending device data, extracting SMS to servers, and accessing contact information; its unique behavior is trying to upload images from the device to servers.
Ryu successfully hacked into the controlling server of this malware and discovered that the interface searches for seed values of crypto wallets. Upon receiving images, it attempts OCR to extract text from the images. The admin interface shows a list of targeted phones, including iPhones, although Ryu was unable to locate a sample of the iOS malware version.
Source: McAfee
TLDR: SangRyol Ryu from McAfee’s Mobile Research uncovers SpyAgent malware on Android phones targeting South Koreans, attempting to read text within images, with a unique feature of uploading images to servers.