Hackers with likely ties to the government in Egypt used Google’s official Play Store to distribute spyware in a campaign that
The app, called IndexY, posed as a means for looking up details about phone numbers. It claimed to tap into a database of more than 160 million Arabic numbers. One of the permissions it required was access to a user’s call history and contacts. Despite the sensitivity of that data, those permissions were understandable, given the app’s focus on phone numbers. It had about 5,000 installations before Google removed it from Play in August. Check Point doesn’t know when IndexY first became available in Play.
Story from Ars Techinca. Story by Dan Goodin.
Behind the scenes, IndexY logged whether each call was incoming, outgoing, or missed as well as its date and duration. Publicly accessible files left on indexy[.]org, a domain hardcoded into the app, showed not only that the data was collected but that the developers actively analyzed and inspected that information. Analysis included the number of users per country, call-log details, and lists of calls made from one country to another.
Read more at Ars Techinca.