Researchers uncovered an Android spyware family called BondPath that is capable of retrieving chats from several mobile messaging apps while spying on other types of information.

BondPath has been around since May 2016, but in July 2018, researchers at Fortinet observed that samples were still circulating in the wild. Those specimens masqueraded as “Google Play Store Services,” an application signed by an unknown developer identified only as “hola.” The name is deliberately close to Google Play Services, the legitimate Google-signed system component that ships on Android devices with the Play Store, so a glance at the installed-app list raises no suspicion.
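The masquerade described above (a familiar-sounding label backed by an unknown signer) is something a fleet inventory can catch mechanically. The following is an added example, not code from Fortinet’s analysis or from the original article: it scores each installed package’s label against an allowlist of Google component names and flags any near-match whose package name or signing identity is wrong. The package records, the allowlist and the trusted-signer value are constructed placeholders; on a real fleet you would populate them from your MDM inventory or from `adb`/`apksigner` output and replace `TRUSTED_SIGNER_CNS` with the signer identity you have verified out of band.

```python
"""Flag Android packages whose label impersonates a Google system component.

Added example (not Fortinet's or the article's code). All records and the
allowlist below are constructed for illustration; Google's real signing
identity is deliberately NOT hard-coded here.
"""
from dataclasses import dataclass
from difflib import SequenceMatcher
import re


@dataclass(frozen=True)
class PackageRecord:
    package: str    # Android package name, e.g. com.google.android.gms
    label: str      # user-visible app label shown in Settings
    signer_cn: str  # subject CN of the APK signing certificate


# Assumed allowlist: normalized label -> the one package allowed to carry it.
KNOWN_COMPONENTS = {
    "google play services": "com.google.android.gms",
    "google play store": "com.android.vending",
}

# Placeholder: replace with the signer identity you verified for Google-signed APKs.
TRUSTED_SIGNER_CNS = {"VerifiedGoogleSigner"}


def normalize(label: str) -> str:
    """Lower-case and keep only alphanumeric tokens so 'Google-Play  Services' == 'google play services'."""
    return " ".join(re.findall(r"[a-z0-9]+", label.lower()))


def mimicked_component(label: str, threshold: float = 0.8):
    """Return the allowlisted label this label looks like, or None.

    A label is a mimic if it contains every token of a known label (covers
    'Google Play Store Services') or is a close edit of one (covers 'Googie
    Play Services'). Returns the best-scoring known label.
    """
    norm = normalize(label)
    tokens = set(norm.split())
    best, best_score = None, 0.0
    for known in KNOWN_COMPONENTS:
        known_tokens = set(known.split())
        if known_tokens <= tokens:
            score = 1.0
        else:
            score = SequenceMatcher(None, known, norm).ratio()
        if score >= threshold and score > best_score:
            best, best_score = known, score
    return best


def check_package(rec: PackageRecord):
    """Return a finding string if rec impersonates a known component, else None."""
    target = mimicked_component(rec.label)
    if target is None:
        return None
    reasons = []
    expected_pkg = KNOWN_COMPONENTS[target]
    if rec.package != expected_pkg:
        reasons.append(f"package {rec.package!r} is not {expected_pkg!r}")
    if rec.signer_cn not in TRUSTED_SIGNER_CNS:
        reasons.append(f"signer {rec.signer_cn!r} is not a trusted Google signer")
    if not reasons:
        return None  # genuine component: right package and right signer
    return f"{rec.package} ({rec.label!r}) looks like {target!r}: " + "; ".join(reasons)


def scan(records):
    """Run check_package over an inventory and return only the findings."""
    return [f for f in (check_package(r) for r in records) if f]


# Constructed inventory: one genuine entry, one BondPath-style impostor,
# one unrelated app and one typo-squatted label.
SAMPLE_INVENTORY = [
    PackageRecord("com.google.android.gms", "Google Play Services", "VerifiedGoogleSigner"),
    PackageRecord("com.example.hola.svc", "Google Play Store Services", "hola"),
    PackageRecord("com.whatsapp", "WhatsApp", "WhatsApp"),
    PackageRecord("com.evil.gms", "Googie Play Services", "hola"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_INVENTORY):
        print(finding)
```

The token-superset test is what catches the BondPath label: “Google Play Store Services” contains every word of “Google Play Services”, so it scores as a mimic regardless of edit distance, and the unknown signer “hola” then turns the mimic into a finding. Treat the signer check as the decisive one: labels and even package names are attacker-chosen, while a signing certificate cannot be forged without the key.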

Once running, BondPath can steal an infected device’s browser history, call logs, emails and SMS messages. A few less common capabilities made it stand out to the researchers, such as monitoring the infected phone’s battery status. It can also steal chats from WhatsApp, Skype, Facebook, Line and other mobile messaging apps.

The Rise and Fall of Spyware

According to Verizon’s “2018 Data Breach Investigations Report,” spyware and keylogger malware were involved in 121 security incidents and 74 data breaches in 2017. This threat category increased its activity during the second half of 2017 and the beginning of 2018, yielding a 56 percent increase in detections during the first quarter of 2018, according to Malwarebytes. Spurred in part by a series of large attack campaigns pushing Emotet, Malwarebytes named spyware as the top detected business threat for the quarter.

Near the end of the first quarter, spyware activity declined significantly. It continued falling throughout the second quarter, ultimately decreasing by 40 percent, according to Malwarebytes. During that span, TrickBot was the most prevalent form of spyware, having added the ability to steal cryptocurrency earlier in the year.

How to Protect Against Mobile Threats

To defend their organizations against BondPath and similar mobile threats that disguise themselves as legitimate system apps, security teams should keep applications and operating systems at the current patch level, verify the legitimacy of unsolicited email attachments through a separate channel, treat any package that carries a Google name but is not signed by Google as hostile, and monitor their IT environment for the indicators of compromise (IoCs) listed in the IBM X-Force Exchange threat advisory.

Sources: Fortinet, Verizon, Malwarebytes (Q1 2018 report), Malwarebytes (Q2 2018 report)
