Malicious Apps Tracking Sensitive Information of Android Users Removed From Play Store by Google

By Staff Reporter | September 19, 2016

Spyware has been found hidden in four apps on the Play Store. The apps have since been removed from the platform.


Google has removed four apps from its official Play Store which were identified to be infected with spyware. Researchers from Lookout's Security Research & Response revealed that the spyware is capable of harvesting a "significant amount" of device and user data.


The spyware, dubbed Overseer, lurking behind the four apps could steal a user's name, phone number, email address and contact history. Security researchers from Lookout found that a host of further sensitive information was also being stolen by Overseer: the user's precise location, including latitude and longitude, network ID, internal and external memory, phone type, network operator, device and Android information, device IMEI, IMSI, MCC and MNC, and details about installed packages.

Personal data from users including location area code, the version of Android a device is running, its user build and whether the device has been rooted was also being harvested.

"Overseer interested us for a few reasons. First, it targets foreign travelers, with its core functionality of searching for the embassies' locations. For example, enterprise executives could be impacted by Overseer if they had downloaded the Embassy app during business travel," Lookout director Kristy Edwards and security analyst Michael Flossman revealed in a blog post.

Overseer was discovered hiding in one app that was used by travelers as an embassy search tool to guide them to their country's embassy while they are traveling abroad. The malware was also found as a Trojan in a Russian and European news app for Android.

The researchers pointed out that this malware was communicating with a command-and-control (C&C) server built on Facebook's open source Parse Server and hosted in the Amazon Web Services cloud. The malware's command-and-control infrastructure could make use of HTTPS and a server based in the US to essentially remain hidden. The fact that the C&C server sits on a popular cloud service gives the impression that its traffic is legitimate, making it less likely to be detected.
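The point above, that a C&C server on a popular cloud service makes the destination host alone a weak indicator, as an added illustration that is not from the article or from Lookout: the script below scans a constructed egress log (one JSON object per line, of the kind a TLS-inspecting enterprise proxy or an on-device VPN-based monitor could emit, with the requesting package, destination host and request headers) and flags packages that speak the Parse REST protocol, which identifies the backend application with an X-Parse-Application-Id header, without being on an allowlist of apps known to use Parse. It then groups flagged packages by that application id, on the assumption that unrelated apps sharing one Parse application id share a backend. All package names, hosts and application ids are made up.

```python
"""Flag Parse-protocol traffic from Android packages with no known reason to use it.

Added example for illustration; not Lookout's tooling and not tied to the real
Overseer infrastructure. The log format, package names, hosts and ids below are
constructed for this demonstration.
"""
import json
from collections import defaultdict

# Parse's REST API identifies the backend application with this header.
PARSE_HEADER = "x-parse-application-id"

# Constructed sample egress log: one JSON record per line. Note that three
# different packages talk to the same AWS host, so the host by itself says
# nothing; only the protocol and the requesting package do.
SAMPLE_LOG = """
{"pkg": "com.example.embassyfinder", "host": "ec2-203-0-113-10.compute-1.amazonaws.com", "headers": {"X-Parse-Application-Id": "app-9f1c", "Content-Type": "application/json"}}
{"pkg": "com.example.newsreader", "host": "ec2-203-0-113-10.compute-1.amazonaws.com", "headers": {"X-Parse-Application-Id": "app-9f1c", "Content-Type": "application/json"}}
{"pkg": "com.example.chat", "host": "parse.chat-backend.example", "headers": {"X-Parse-Application-Id": "chat-0042"}}
{"pkg": "com.example.weather", "host": "ec2-203-0-113-10.compute-1.amazonaws.com", "headers": {"User-Agent": "okhttp/3.4.1"}}
this line is not json and must be skipped
{"pkg": "com.example.embassyfinder", "host": "ec2-203-0-113-10.compute-1.amazonaws.com", "headers": {"x-parse-application-id": "app-9f1c"}}
"""

# Constructed allowlist: packages that legitimately use a Parse backend.
KNOWN_PARSE_USERS = {"com.example.chat"}


def parse_log(text):
    """Return the well-formed records from a JSON-lines log, skipping junk lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not all(key in rec for key in ("pkg", "host", "headers")):
            continue
        records.append(rec)
    return records


def parse_app_id(headers):
    """Return the Parse application id if the request carries one (header names are case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == PARSE_HEADER:
            return value
    return None


def find_suspect_parse_traffic(text, allowlist):
    """Flag packages outside the allowlist that send Parse-protocol requests.

    Returns one summary per flagged package, sorted by package name.
    """
    by_pkg = defaultdict(lambda: {"requests": 0, "hosts": set(), "app_ids": set()})
    for rec in parse_log(text):
        app_id = parse_app_id(rec["headers"])
        if app_id is None or rec["pkg"] in allowlist:
            continue
        entry = by_pkg[rec["pkg"]]
        entry["requests"] += 1
        entry["hosts"].add(rec["host"])
        entry["app_ids"].add(app_id)
    return [
        {"pkg": pkg, "requests": e["requests"],
         "hosts": sorted(e["hosts"]), "app_ids": sorted(e["app_ids"])}
        for pkg, e in sorted(by_pkg.items())
    ]


def shared_backends(findings):
    """Group flagged packages by Parse application id.

    Two unrelated apps presenting the same application id share one backend,
    which is the pattern to expect when a single implant is bundled into
    several otherwise unrelated apps.
    """
    groups = defaultdict(set)
    for finding in findings:
        for app_id in finding["app_ids"]:
            groups[app_id].add(finding["pkg"])
    return {app_id: sorted(pkgs) for app_id, pkgs in groups.items() if len(pkgs) > 1}


if __name__ == "__main__":
    flagged = find_suspect_parse_traffic(SAMPLE_LOG, KNOWN_PARSE_USERS)
    for finding in flagged:
        print(f"{finding['pkg']}: {finding['requests']} Parse request(s) to {finding['hosts']} "
              f"with app id(s) {finding['app_ids']}")
    for app_id, pkgs in shared_backends(flagged).items():
        print(f"app id {app_id} shared by {pkgs}")
```

The allowlist is the design choice that matters: a block on AWS or on HTTPS would be useless, and a block on Parse would break legitimate apps, so the check keys on which package is speaking the protocol and whether it has a known reason to. The weather app in the sample reaches the same AWS host and is correctly left alone.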

©2024 Telegiz All rights reserved. Do not reproduce without permission