Android malware, dubbed Triout has re-emerged posing as the trusted online privacy application, Psiphon, to trick users into downloading it. The legitimate “com.psiphon3” package is available in Google’s app store, Google Play and is advertised as a privacy tool that enables access to the open internet. The application has over 50 million installs and over 1 million reviews. The malicious version is bundled with Triout and is not available via Google Play.
Triout acts as spyware that collects device data and can record phone calls, log incoming text messages, record videos, access/take photos, and access location information. It also comes bundled with three adware components, Google Ads, Inmobi Ads and Mopub Ads. Both the legitimate and malicious Psiphon application have a similar look and equivalent functionalities, but the malicious version uses v91 of the original application when distributing Triout spyware. The current version of the legitimate application is v241.
Recommendations:
- Download apps from official marketplaces only.
- Keep your device OS (operating system) and applications up to date.