Malware that Spies on your WhatsApp & Facebook messages.
Currently, it is mainly targeting users using the social messenger apps like WhatsApp, Facebook Messenger and Line.
It triggers all kinds of spy functionality, including capturing of screenshots when the messaging apps are open. The screenshots are then to get uploaded to the C2 server of the malware.
The malware can reach the user's device via malicious and fake updates to otherwise legit apps. For instance, it can imitate as some legitimate service process, such as Google service, GooglePlay or Flash update.
If a user is entangled with this tactic, the malware will then install itself on the user's android device and perform the spy function.
Its main operation is to copy and paste a large number of public resources on the network.
The malware collects device data, takes photos and videos, hacks text messages, records audio, steals files, and then transfers all of these to the hacker's remote server.
At present, the malware is observed to be actively targeting Android users in Thailand. And as per the researchers, several hacking servers have been observed to be located in Thailand.
According to researchers, it seems that malware is still under development. What is more worrisome is that with continuous updation in the malware and with the stealthy data exfiltration capabilities, it may evolve into a serious threat in the future.