PoriewSpy, developed from the open-source project “Android Image Viewer” and existing as far back as 2014, steals sensitive information such as SMS, call logs, contacts, location, and the SD card file list, and records calls from the victim’s device. The malware can record audio from a phone call or instruct the device to record audio every 60 seconds at other times. The malicious PoriewSpy apps were automatically downloaded from compromised websites visited by users. A cyber-espionage threat group is suspected of targeting users in India via malicious PoriewSpy-laden apps. When the app first launches, it displays a lewd photo of an Indian actress but later hides its icon. The malicious apps became active in late 2015 to early 2016.

Technical Analysis

  • Trend Micro provides technical analysis of PoriewSpy here.