Researchers uncovered an Android spyware family called BondPath that is capable of retrieving chats from several mobile messaging apps while spying on other types of information.

BondPath has been around since May 2016, but in July 2018, researchers at Fortinet observed that some samples were still in the wild. Those specimens masqueraded as “Google Play Store Services,” an application signed by an unknown developer known only as “hola.” The name of this malicious application is intentionally similar to Google Play Services, the title of the process Google uses to update Android apps from the Play Store.

Once it executes successfully, BondPath can steal an infected device’s browser history, call logs, emails and SMS messages. A few less common capabilities made BondPath stand out to the researchers, such as its ability to monitor an infected smartphone’s battery status. It could also steal chats from WhatsApp, Skype, Facebook, Line and other mobile messaging apps.

The Rise and Fall of Spyware

According to Verizon’s “2018 Data Breach Investigations Report,” spyware and keylogger malware were involved in 121 security incidents and 74 data breaches in 2017. This threat category increased its activity during the second half of 2017 and the beginning of 2018, yielding a 56 percent increase in detections during the first quarter of 2018, according to Malwarebytes. Spurred in part by a series of large attack campaigns pushing Emotet, spyware was named by Malwarebytes as the top detected business threat for the quarter.

Near the end of the first quarter, spyware activity declined significantly. It continued falling throughout the second quarter, ultimately decreasing by 40 percent, according to Malwarebytes. In that span of time, TrickBot was the most prevalent form of spyware after it added the ability to hijack cryptocurrency earlier in the year.

How to Protect Against Mobile Threats

To defend their organizations against BondPath and similar mobile threats that originate in official app stores, security teams should keep applications and operating systems running at the current patch level, verify the legitimacy of unsolicited email attachments through a separate channel, and monitor their IT environment for the indicators of compromise (IoCs) listed in the IBM X-Force Exchange threat advisory.
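As an added defender-side example (this is not code from the article, from Fortinet or from the IBM X-Force advisory), the following Python script applies two of the points above to an exported device inventory: it flags apps whose display label imitates “Google Play Services” but whose signing certificate is not one of the known-good Google certificates, and it matches package names and signer fingerprints against an IoC list. Every package name, label, certificate fingerprint and IoC in it is a constructed placeholder; the 0.8 similarity threshold and the `InstalledApp`/`triage` names are my own choices, and a real deployment would feed it an MDM export and the advisory’s actual indicators.

```python
# Added example, not part of the original article or of Fortinet's analysis.
# Flags Android apps that (a) imitate a protected label such as
# "Google Play Services" while being signed by an unknown certificate, or
# (b) match a supplied IoC set. All package names, labels, fingerprints and
# IoCs below are constructed placeholders, not real indicators.
import difflib
from dataclasses import dataclass

# Labels an impostor is likely to imitate; the article notes BondPath posed
# as "Google Play Store Services" to resemble "Google Play Services".
PROTECTED_LABELS = ("Google Play Services", "Google Play Store")

# Placeholder for the SHA-256 fingerprints of the certificates Google really
# signs these packages with; populate from a trusted device baseline.
KNOWN_GOOD_SIGNERS = {"PLACEHOLDER_GOOGLE_CERT_SHA256"}


@dataclass(frozen=True)
class InstalledApp:
    package: str        # Android package name
    label: str          # display name shown to the user
    signer_sha256: str  # fingerprint of the APK signing certificate


def label_similarity(label: str, reference: str) -> float:
    """Case-insensitive similarity in [0, 1] between two app labels."""
    return difflib.SequenceMatcher(None, label.lower(), reference.lower()).ratio()


def is_lookalike(app: InstalledApp, threshold: float = 0.8) -> bool:
    """True when the label resembles a protected label but the signer is unknown."""
    if app.signer_sha256 in KNOWN_GOOD_SIGNERS:
        return False  # genuinely signed by Google: the label is legitimate
    return any(label_similarity(app.label, ref) >= threshold for ref in PROTECTED_LABELS)


def matches_ioc(app: InstalledApp, iocs: dict) -> bool:
    """True when the package name or signer fingerprint appears in the IoC set."""
    return (app.package in iocs.get("packages", set())
            or app.signer_sha256 in iocs.get("signers", set()))


def triage(apps, iocs) -> dict:
    """Return {package: [reasons]} for every app worth investigating."""
    findings = {}
    for app in apps:
        reasons = []
        if matches_ioc(app, iocs):
            reasons.append("ioc-match")
        if is_lookalike(app):
            reasons.append("lookalike-label")
        if reasons:
            findings[app.package] = reasons
    return findings


# Constructed sample inventory: one genuine Google package, one impostor
# using the label the article describes, one unrelated app.
SAMPLE_APPS = [
    InstalledApp("com.google.android.gms", "Google Play Services",
                 "PLACEHOLDER_GOOGLE_CERT_SHA256"),
    InstalledApp("com.example.spy", "Google Play Store Services",
                 "PLACEHOLDER_UNKNOWN_CERT_1"),
    InstalledApp("com.example.calc", "Calculator",
                 "PLACEHOLDER_UNKNOWN_CERT_2"),
]

# Constructed IoC list standing in for the advisory's real indicators.
SAMPLE_IOCS = {"packages": {"com.example.spy"}, "signers": set()}

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_APPS, SAMPLE_IOCS).items():
        print(f"{package}: {', '.join(reasons)}")
```

The signer check is what makes the label heuristic useful: an app literally named “Google Play Services” is only suspicious when its signing certificate is not Google’s, so the baseline of known-good fingerprints has to come from devices you trust rather than from the inventory being checked.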

Sources: Fortinet, Verizon, Malwarebytes, Malwarebytes (1)
