Android, millions at risk: app infected with spy malware

Bitfidner researchers have discovered a malicious version of the Psiphon app capable of spying on all user actions. Here's how to defend yourself

An app with over 50 million downloads has been infected with the Triout virus, a spyware capable of spying on all actions a person takes with their smartphone. The application in question is called Psiphon and is mainly used in censored countries where it is not possible to connect to the Internet or have free access to the Google Play Store.

The infected app was discovered by researchers from Bitdefender, a company that develops solutions for users' cybersecurity (antivirus and anti-malware programs). Triout is one of the most aggressive and devious viruses on the Internet. So far it has only been found inside pornographic apps, but now it seems to have made the big move towards applications used by millions of users. It is a spyware, a particular type of malware capable of spying on every single action of a person. They are usually used by the secret services for international espionage actions, but this does not seem to be the case with Triout. According to the latest information leaked on the Net, Asian hacker groups are supposed to be behind the virus.

What is Psiphon app

Psiphon is an open source software made by the Citizen Lab of the University of Toronto. The purpose of the app is to allow people living in non-free nations to bypass censorship and be able to connect to the Net. The operation of Psiphon is quite simple and any person can use the software to connect to the Internet. Psiphon is mainly based on the use of a VPN.

What is Triout virus

Triout is a spyware that was first discovered last May. It had initially infected pornographic applications and managed to access the personal data of thousands of users. This time, the virus has attempted the big score by infecting an application with over 50 million downloads. According to Bitdefender researchers, the virus has infected Psiphon version 91, the most recent version being 241.

The spyware is able to control every single action of the person: it reads sent and received messages, takes screenshots and sends them to hackers, copies photos, videos and records incoming and outgoing calls. It is still unclear who is behind Triout: from the latest information that appeared on the net, the virus is supposed to be controlled by Asian hackers, but there is no certainty. It is also not clear what the hackers' target is. Usually spyware is used by secret services to spy on some enemy, but this is not the case with Triout. Probably, the goal of the hackers is to get the data and resell it on the dark web to easily earn thousands of euros.

How to defend yourself against Triout

We usually suggest you to download the apps usually from the Google Play Store or from reliable sources. But not in this case. Triout is not present in the Google Play Store, as it serves people living in non-free countries to have access to the Google store itself. To protect yourself from viruses like Triout, the advice is to install antivirus apps: online you can download free software that can fight spyware.

Logically, if you use Psiphon app to connect to the internet, check the version you are using. If it is number 91, uninstall it immediately and download the latest available version.