According to NetQin Mobile, there are more than a dozen variants of the spyware since the first was spotted, and the latest has affected 150,000+ devices.
Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.
"The Conference Call feature allows more than two parties to join a conversation, and it's easily available to most smart-phone users. The privacy stealers exploit the vulnerability of this feature for financial purposes. The privacy protection on mobile devices becomes more important than ever," said Dr. Zou Shihong, Vice President of R&D from NetQin.
NetQin Cloud Security Centre detects that the spyware can remotely turn on the speaker on the phone to monitor sounds around users without the users' awareness. Apart from that, the spyware is also capable of synchronizing the messages the user received and delivered to the monitoring phone. These performances will compromise users' privacy.
The privacy stealers usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click. As the spyware is artfully disguised, users will easily be trapped.
NetQin warns that smart-phone users are exposed to more mobile security threats than ever and users should always be cautious whenever performing operations on their mobile devices.
To stay safe, NetQin experts give the following tips in using your phone:
1. Never click open MMS from unknown numbers as they may get your phone infected. Instead, delete them upon receipt.
2. Be on alert for unusual behavior on your phone, such as unusual SMS.
3. Don't leave your phone out of your sight in public environments.
4. Install a trusted security application to protect your phone from security threats.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.