Triout is Android malware, first discovered by Bitdefender, that masquerades inside a clone of a legitimate application. Although researchers aren’t sure where the malicious app is being distributed from, the assumption is that it comes from third-party app stores or app-sharing forums. Triout comes loaded with intrusive spyware capabilities, including: recording every call that takes place on the infected device, uploading recorded phone calls to a remote server, stealing call log data, collecting and stealing SMS messages, sending the phone’s GPS coordinates to a remote server, uploading a copy of every picture taken with the phone’s camera to a remote server, and hiding from the user’s view. Although the malware has these advanced capabilities, it is completely unobfuscated, meaning that unpacking the .apk file gives anyone full access to the source code. Researchers believe this may have been done on purpose, suggesting that the framework may be a work in progress and that its developers are testing the features on different devices. It is unknown whether this malware is the work of a nation-state hacker or of a cyber-criminal involved in espionage.

Reporting and Technical Details

  • Bitdefender provides more technical details of Triout here.

  • February 2019: Triout is masquerading as the privacy tool Psiphon. Threat actors are targeting specific users with this malware. (Bitdefender)

Image Source: Bleeping Computer