Stealth Stalkerware on Play Store Steals Data via Accessibility

A Dangerous Spy App Lurks on Google Play

A malicious application disguised as an anti-theft tool has been discovered on the Google Play Store, posing a serious threat to user privacy. According to recent reports, the app, operating under the package name com.ssurebrec and calling itself Cerberus Anti-theft, has been available for download since October 4, 2023. It stealthily performs surveillance functions without the victim's knowledge.

How the Stalkerware Operates

The app gains unauthorized control by abusing Android's accessibility services, a common technique used by malware to bypass security restrictions. Once installed, it can silently capture photos using the device's camera, track the user's location through GPS, record audio via the microphone, and even perform a factory reset to wipe all data. These actions are executed remotely through Firebase Cloud Messaging, allowing the attacker to issue commands from afar.

Implications and Risks

This discovery highlights the ongoing challenge of policing app stores for sophisticated spyware that mimics legitimate software. The app's ability to hide in plain sight underscores the need for users to scrutinize app permissions and reviews before installation. Google Play Protect may not always catch such threats, especially when they exploit accessibility features.

Protecting Against Stalkerware

Users are advised to regularly review installed apps and revoke accessibility permissions for any app that does not require them. Monitoring data usage and battery drain can also help detect suspicious activity. If you suspect your device is compromised, consider a factory reset and change all account passwords immediately.