Malware that stole contacts, audio, location and more was under development for years.
By Dan Goodin
Researchers recently discovered a well-funded mobile phone surveillance operation that was capable of surreptitiously stealing a variety of data from phones running both the iOS and Android operating systems. Researchers believe the malware is so-called "lawful intercept" software sold to law-enforcement and governments.
Exodus, as the malware for Android phones has been dubbed, was under development for at least five years. It was spread in apps disguised as service applications from Italian mobile operators. Exodus was hidden inside apps available on phishing websites and nearly 25 apps available in Google Play. In a report published two weeks ago, researchers at Security without Borders said Exodus infected phones estimated to be in the "several hundreds if not a thousand or more."