GolfSpy

Description

(Trend Micro) Given GolfSpy’s information-stealing capabilities, this malware can effectively hijack an infected Android device. Here is a list of information that GolfSpy steals:

  • Device accounts
  • List of applications installed in the device
  • Device’s current running processes
  • Battery status
  • Bookmarks/Histories of the device’s default browser
  • Call logs and records
  • Clipboard contents
  • Contacts, including those in VCard format
  • Mobile operator information
  • Files stored on SDcard
  • Device location
  • List of image, audio, and video files stored on the device
  • Storage and memory information
  • Connection information
  • Sensor information
  • SMS messages
  • Pictures

GolfSpy also has a function that lets it connect to a remote server to fetch and perform commands, including: searching for, listing, deleting, and renaming files as well as downloading a file into and retrieving a file from the device; taking screenshots; installing other application packages (APK); recording audio and video; and updating the malware.

Names

Name
GolfSpy

Category

Malware

Type

  • Reconnaissance
  • Info stealer
  • Exfiltration

Information

Mitre Attack

Other Information

Uuid

fdd7d92f-6189-40cb-974d-66f655620429

Last Card Change

2022-12-31