Android Malware Disguises itself as MS Word Doc, Spies on Your Phone

Researchers have discovered Android malware that disguises itself as a Microsoft Word document and triggers malicious code once opened.

This Android malware was found when a user installed an app from third-party app developers. Once the app was installed, a Microsoft Word-like icon appeared on the home screen, and before the user could even suspect it was malware, it displayed the message:

“Installation errors, this software is not compatible with the phone.” The message is actually a trick to reassure the user and avoid any suspicion. That’s when the malware activates and steals all the data from the user’s contact list and messages. It also starts controlling the SMS and email functions of the phone.

Malware posing as a Word file and showing a fake error message

This kind of malware is known as an info stealer, designed to steal SMS messages and contact lists.

While analyzing the malware’s source code, the researchers at Zscaler found that it was sending the handset’s IMEI code through an SMS to a phone number and to an email address.

So far, around 300-plus users have been affected by this malware, and that is within the last 20 days alone.

Once the malware has finished sending data, the scammers make their final move by spying on the phone itself.

This is done by sending a special SMS to the victim’s number. The SMS contains a mobile number for the malware to call; once the malware places that call, the phone becomes a spying machine for the hackers.

Malware sending data to the hacker’s email, stealing text messages and contact lists

So, what should you do if your phone has been infected with this malware? First boot the phone in safe mode, then deactivate the app as a device administrator (Settings --> Security --> Device Administrator), and then uninstall it from the normal Apps section (Settings --> Apps --> Uninstall).

Note: You can’t uninstall the app directly because it has already taken administrative rights at start-up.
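A triage check to go with the removal steps above, as an added example that is not from the original article or from Zscaler's analysis: it flags apps that are both active device administrators and request SMS, contacts and call permissions. Assumptions: the permission set is mapped from the behaviour described in this article, the sample text is constructed in a simplified shape of `adb shell dumpsys device_policy` and `adb shell dumpsys package <name>` output (real output varies by Android version), and the package names are hypothetical.

```python
import re

# Permissions matching the behaviour above: SMS theft/control, contacts, calls.
RISKY = {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "CALL_PHONE"}
ADMIN_LINE = re.compile(r"^\s+([\w.]+)/[\w.$]+:\s*$")
PERM_LINE = re.compile(r"^\s+android\.permission\.(\w+)")

def device_admins(policy_dump):
    """Packages listed as active device admins in the policy dump."""
    return {m.group(1) for m in map(ADMIN_LINE.match, policy_dump.splitlines()) if m}

def requested_permissions(package_dump):
    """Short permission names under the 'requested permissions:' header only."""
    perms, in_section = set(), False
    for line in package_dump.splitlines():
        m = PERM_LINE.match(line)
        if line.strip() == "requested permissions:":
            in_section = True
        elif in_section and m:
            perms.add(m.group(1))
        else:
            in_section = False  # any other line closes the section
    return perms

def triage(policy_dump, package_dumps):
    """Map each device-admin package to the risky permissions it requests."""
    hits = {p: sorted(requested_permissions(package_dumps.get(p, "")) & RISKY)
            for p in device_admins(policy_dump)}
    return {p: r for p, r in hits.items() if r}

# Constructed sample input: hypothetical package names, simplified dumpsys shape.
SAMPLE_POLICY = """\
  Enabled Device Admins (User 0):
    com.example.wordviewer/.AdminReceiver:
      uid=10151
    com.example.findmyphone/.LockReceiver:
"""
SAMPLE_PACKAGES = {
    "com.example.wordviewer": """\
  requested permissions:
    android.permission.READ_SMS
    android.permission.SEND_SMS
    android.permission.READ_CONTACTS
    android.permission.CALL_PHONE
  install permissions:
    android.permission.INTERNET: granted=true
""",
    "com.example.findmyphone":
        "  requested permissions:\n    android.permission.ACCESS_FINE_LOCATION\n",
}
```

A hit marks an app as a candidate for the device-administrator deactivation and uninstall steps above; it is not proof of infection, since legitimate apps can hold the same combination.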

We at HackRead have always warned our readers not to download apps from third parties. In the past, a similar third-party app infected Android devices with malware capable of changing the device PIN code and demanding a ransom to unlock it.

Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who works for the country’s largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at the U.S.-based Revolution News media. Agan reports and writes for HackRead on IT security-related topics.