GOVERNMENT-MADE MALWARE? EXODUS

9 Apr 2019

The EXODUS referred to here is the name of a program built to break into personal data on mobile phones, which is then stored on a server owned by a state agency.

The Nex Sx site states that the program named Exodus was traced through a scandal in Italy, one involving many threads, from corruption cases to leaks of personal data. It is unclear who ran this program or what the final outcome of the investigation will be.

This is wild.

The Exodus servers are being analyzed and people are being investigated. It is unclear currently what was the purpose and who was the operator of the malicious apps we discovered on the Play Store and how many of the hundreds of victims were intended and how many were accidental.

More recent reports are now suggesting that the story might go deeper and darker than originally anticipated. The press is currently suggesting that illegal spying might have been operated on behalf of unknown entities and that this investigation is crossing with separate investigations dealing with corruption in Calabria.

The program is believed to be linked to a government entity, and it collected a great deal of data, whether deliberately or by accident, from the phones of other victims as well; that data was also leaked, having been stored on a dedicated server at Amazon.

The phones attacked in this case are Android phones, and the program could be installed, intentionally or not, from the Google Play Store.

Disguised Spyware Uploaded on Google Play Store

We identified previously unknown spyware apps being successfully uploaded on Google Play Store multiple times over the course of over two years. These apps would remain available on the Play Store for months and would eventually be re-uploaded.

While details would vary, all of the identified copies of this spyware shared a similar disguise. In most cases they would be crafted to appear as applications distributed by unspecified mobile operators in Italy. Often the app description on the Play Store would reference some SMS messages the targets would supposedly receive leading them to the Play Store page. All of the Play Store pages we identified and all of the decoys of the apps themselves are written in Italian.

The Security Without Borders site states that this program had been present on the Google Play Store since two years earlier.

Android itself actually holds plenty of malware and spyware traps. If you are a fan of games, some games actually contain dangerous programs that can move your personal data off the phone to be harvested by other parties. That data may end up as a profile for advertising, and it may also change hands to malicious parties ready to use your credit card details.

Similarly to another Android spyware made in Italy, originally discovered by Lukas Stefanko and later named Skygofree and analyzed in depth by Kaspersky Labs, Exodus also takes advantage of "protectedapps", a feature in Huawei phones that allows configuring power-saving options for running applications. By manipulating a SQLite database, Exodus is able to keep itself running even when the screen goes off and the application would otherwise be suspended to reduce battery consumption.

The program can move your data off the phone at any time: while the phone is busy, while the screen is off, and even when the battery is almost empty, it keeps working hard to harvest your personal data.

The program's ability to harvest your data is remarkable: not just small items, but detailed data on the applications you use most is stolen with ease.
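The quoted passage above describes persistence through the Huawei power-saving exemption list, which lives in a SQLite database. The following added example (not code from the original post, from Security Without Borders, or from the Exodus analysis) shows the defender's side of that: a small forensic triage helper that reads a power-saving exemption table and flags packages that are exempted from suspension but are not on an expected allow-list. The table name, columns, rows and allow-list are constructed assumptions for illustration; the real Huawei schema is not given on the page.

```python
"""Forensic triage helper: list apps exempted from power-saving suspension.

Added example for this post; not code from Security Without Borders or from
the Exodus analysis. The table layout below is an ASSUMPTION made for
illustration: the real Huawei 'protectedapps' database schema is not on the
page, so a small constructed schema is used instead.
"""
import sqlite3
from typing import Iterable

# Packages one would expect to find exempted on a stock device.
# This allow-list is constructed for the example, not taken from a real phone.
EXPECTED_EXEMPT = {
    "com.android.phone",
    "com.android.mms",
}


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory database mimicking a power-saving exemption table.

    The schema and rows are constructed sample data (an assumption); on a real
    device you would open the copied database file instead of ":memory:".
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE protected_apps (pkg_name TEXT PRIMARY KEY, is_protected INTEGER)"
    )
    conn.executemany(
        "INSERT INTO protected_apps VALUES (?, ?)",
        [
            ("com.android.phone", 1),
            ("com.android.mms", 1),
            ("com.example.carrier.selfcare", 1),  # constructed: the app under review
            ("com.example.game", 0),              # present but not exempted
        ],
    )
    conn.commit()
    return conn


def list_exempted(conn: sqlite3.Connection) -> list[str]:
    """Return every package whose exemption flag is set, in sorted order."""
    rows = conn.execute(
        "SELECT pkg_name FROM protected_apps WHERE is_protected = 1 ORDER BY pkg_name"
    )
    return [row[0] for row in rows]


def unexpected_exemptions(
    conn: sqlite3.Connection, expected: Iterable[str] = EXPECTED_EXEMPT
) -> list[str]:
    """Exempted packages that are not on the allow-list: these need a second look.

    An app that claims to be a carrier utility has no obvious reason to keep
    itself running with the screen off, so its presence here is a triage signal.
    """
    allowed = set(expected)
    return [pkg for pkg in list_exempted(conn) if pkg not in allowed]


if __name__ == "__main__":
    db = build_sample_db()
    for pkg in unexpected_exemptions(db):
        print("REVIEW: exempted from battery suspension:", pkg)
```

Run against a database copied from a device, the same two queries give an analyst a quick list of apps that have arranged to survive screen-off suspension; the allow-list is what turns that raw list into something actionable.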

As mentioned, mike.jar equips the spyware with extensive collection capabilities, including:

    Retrieve a list of installed applications.
    Record surroundings using the built-in microphone in 3gp format.
    Retrieve the browsing history and bookmarks from Chrome and SBrowser (the browser shipped with Samsung phones).
    Extract events from the Calendar app.
    Extract the calls log.
    Record phone calls audio in 3gp format.
    Take pictures with the embedded camera.
    Collect information on surrounding cellular towers (BTS).
    Extract the address book.
    Extract the contacts list from the Facebook app.
    Extract logs from Facebook Messenger conversations.
    Take a screenshot of any app in foreground.
    Extract information on pictures from the Gallery.
    Extract information from the GMail app.
    Dump data from the IMO messenger app.
    Extract call logs, contacts and messages from the Skype app.
    Retrieve all SMS messages.
    Extract messages and the encryption key from the Telegram app.
    Dump data from the Viber messenger app.
    Extract logs from WhatsApp.
    Retrieve media exchanged through WhatsApp.
    Extract the Wi-Fi network's password.
    Extract data from WeChat app.
    Extract current GPS coordinates of the phone.
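Each item in the capability list above corresponds to one or more Android permissions an app has to declare before the platform grants it that access. The added example below (not code from the original post or from the Security Without Borders report) turns that observation into a triage heuristic: it parses the `uses-permission` entries of an app manifest, maps them back to the capability categories in the list, and flags an app that claims to be a carrier utility yet requests an implausibly broad set. The capability-to-permission mapping is the editor's own summary and is illustrative rather than exhaustive; both manifests are constructed samples.

```python
"""Permission-breadth triage for an Android app manifest.

Added example; not code from the original post or from the Security Without
Borders report. The mapping from the report's capability list to Android
permissions is an illustrative summary (an assumption), and the manifests
below are constructed samples.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability category (from the report's list) -> permissions it would need.
# Illustrative only: real spyware may use other routes (e.g. accessibility).
CAPABILITY_PERMISSIONS = {
    "microphone / call recording": {"android.permission.RECORD_AUDIO"},
    "call log": {"android.permission.READ_CALL_LOG"},
    "SMS": {"android.permission.READ_SMS"},
    "address book": {"android.permission.READ_CONTACTS"},
    "calendar": {"android.permission.READ_CALENDAR"},
    "camera": {"android.permission.CAMERA"},
    "GPS / cell towers": {"android.permission.ACCESS_FINE_LOCATION"},
    "gallery / media": {"android.permission.READ_EXTERNAL_STORAGE"},
}

# Constructed manifest: an app posing as an operator "self-care" utility.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.operator.selfcare">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

# Constructed manifest: what a genuine balance-check style app might declare.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.operator.balance">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> set[str]:
    """Collect the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    attr = f"{{{ANDROID_NS}}}name"
    return {el.get(attr) for el in root.iter("uses-permission") if el.get(attr)}


def matched_capabilities(perms: set[str]) -> list[str]:
    """Capability categories for which at least one required permission is declared."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if needed & perms)


def triage(manifest_xml: str, threshold: int = 4) -> dict:
    """Summarise a manifest; 'suspicious' when it spans >= threshold categories.

    The threshold is a tunable heuristic, not a verdict: a legitimate messaging
    app may also span several categories, so this is a prioritisation aid.
    """
    package = ET.fromstring(manifest_xml).get("package")
    caps = matched_capabilities(declared_permissions(manifest_xml))
    return {"package": package, "capabilities": caps, "suspicious": len(caps) >= threshold}


if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage(m))
```

The useful signal is the breadth, not any single permission: microphone, SMS, call log, contacts, calendar, camera and location together describe the collection profile in the list above, and nothing a carrier self-care app does requires that combination.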