“Exaspy” is the name of a commercial Android spyware package found in a fake app by Skycure Research Labs in early September. The spyware package contains malicious behaviors we’ve seen before, including access to chats, SMS messages, and pictures, audio capture during telephone calls, and communication with a CNC (command and control) server.
According to Skycure Research Labs, the spyware was found on “an Android 6.0.1 device, owned by one of the company’s Vice Presidents”, making this a possible targeted attack. No additional occurrences in the wild have been found.
Appthority did not identify any apps infected by “Exaspy” in our global database of apps installed on enterprise devices.
Appthority customers concerned about Exaspy can create an app policy with the “Infected by Exaspy” behavior or simply add that behavior to an existing app policy that captures security vulnerabilities or high-risk behaviors. Appthority also has coverage to detect and identify apps infected with other spyware packages, including the popular “Droidjack”.
Further, spyware-infected apps are often installed on mobile devices through side-loading. Appthority recommends having a policy of not allowing side-loaded apps on corporate-owned devices and using the Appthority Portal to identify and remediate mobile devices with unapproved side-loaded apps.