Popular VPN App Laced with Malware, Steals Data

John Lister's picture

Security researchers have warned a notorious piece of malware has returned to Android. It's in disguise, posing as a legitimate and popular VPN application.

Researchers at the security firm Bitdefender have dubbed the malware "Triout." It was first spotted last August. It's a particularly nasty piece of malware as it carries out multiple hostile acts. (Source: bitdefender.com)

These include recording phone calls, reading incoming SMS messages, taking pictures and videos, and collecting location data such as GPS coordinates. Triout is designed to operate without being detected and then secretly transmits stolen data to cyber criminals.

When first spotted, Triout was hidden inside a copy of an application that showed adult content. This time it comes in a rogue copy of "Psiphon", a popular VPN gateway for smartphones and PCs.

Legit Version Bypasses Censorship

With over 10 million installations, the real version of Psiphon, as distributed in the Google Play store, is legitimate. The app is designed to access websites that have been blocked by an Internet provider, which may be the result of the ISP's policy, a court order, or government censorship. (Source: express.co.uk)

The rogue version of the app (which is distributed through other sources) looks and feels almost exactly the same as the real thing. It carries out the same functions, so the user would not know anything is amiss. The only notable difference is that it's based on an older version of the legitimate Psiphon app.

Malware Also Runs Ad Fraud Tools

Behind the scenes, however, the rogue version of Psiphon is running the Triout malware, which then steals the user's data.

It's also bundled with three pieces of software that hijack the phone to make bogus 'visits' to websites hosting ads. The idea here is to defraud advertisers with fake traffic, and the cyber criminals are then credited for the clicks. This still harms the phone user as it can eat up data allowances and slow down the phone's performance.

The researchers aren't sure whether the goal of the malware creators is to try to steal data from a mass audience or if it's designed instead for espionage against specific individuals. For example, hostile governments might want to spy on political opponents who'd be more likely to use apps designed to get round website censorship.

In either case, it remains good advice to download all apps from the official Google Play store. It's also worth noting that regardless of which apps are installed, it's important to download the latest version to ensure the app's security is up to date. It's also recommended to run an anti-malware scan once a month as a precaution (Malwarebytes Antimalware free is an excellent app).

What's Your Opinion?

How do you verify apps before using them? Do you ever get apps from sources other than Google Play? Do you run security software on your phone or tablet?


Jim-in-kansas's picture

Thanks for a very informative article. I am not currently using an anti-malware App on my cellphone but that will change very soon.

James Douglass
Garden City, Kansas