Orome1 quotes HelpNetSecurity: “Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a vice president at a global technology company. The name of the malicious package is ‘com.android.protect’, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.” The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.
According to the article, “chances are someone took advantage of the physical access they had to the device to do the dirty deed.”
Read more of this story at Slashdot.