Google Play again used to host malware-laden apps; this time, Overseer

Google Play continues to be a playground for cyber-criminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

Once installed Overseer would steal a laundry list of personal information including, user's name, cell number, email address and contacts, the victim's exact location, network ID, internal and external memory, phone type, permissions and more, wrote Michael Flossman and Kristy Edwards, researchers with Lookout Security, in a blog.

The apps in question included an embassy finder that targeted foreign travellers and what were most likely fake news apps developed specifically to spread Overseer.

One reason the malware caught the researchers attention is because it uses Facebook's Parse Server hosted on Amazon Web Services for command and control purposes.

“This allows it to remain hidden because it doesn't cause Overseer's network traffic to stand out and could potentially present a challenge for traditional network-based IDS solutions to detect,” the researchers said.

Sign up to our newsletters