Triout, a creepy Android spyware identified by Bitdefender researchers, can secretly snap photos and videos, record phone calls, log text messages and keep track of victims\u2019 locations. The spyware framework\u2019s extensive surveillance capabilities that can be bundled into benign apps make it likely that it is part of an espionage campaign.The malicious app contains the same code and functionality as the original app as well as the malicious payload. Perhaps there were a lot of people in Israel looking to spice up their love lives because that is where most the Triout-infected \u2018Sex Game\u2019 (SexGameForAdults) apps were detected. The first malware sample, however, was originally submitted to VirusTotal from Russia on May 15, 2018.Triout was detected by Bitdefender\u2019s machine learning algorithms. Bitdefender researchers suspect the Triout spyware is being hosted on attacker-controlled domains or third-party marketplaces. The firm suspects it is being used for an espionage campaign, but does not know what group or nation is behind it.The spyware capabilities include:Recording every phone call as a media file and sending it along with the call date, call duration and the caller ID to a C&C server.Logging every incoming text message and sending it to the C&C.Taking photos with the front and rear cameras and sending those to the C&C server; the camera capture was described as \u201cone of the more disturbing features\u201d by Bitdefender.Logging GPS coordinates and sending the tracked data to the C&C.The Android spyware can also hide itself from the user.Despite all those advanced spying features, the most striking thing about the sample, according to Bitdefender\u2019s whitepaper (pdf), \u201cis that it\u2019s completely unobfuscated, meaning that simply by unpacking the .apk file, full access to the source code becomes available. This could suggest the framework may be a work-in-progress, with developers testing features and compatibility with devices.\u201d The C&C server, a single, hardcoded IP address, to which the app sends the collected data has been operational since May.Since the malware is capable of uploading recorded phone calls, Bogdan Botezatu, a senior analyst at Bitdefender, told ZDNet that the security firm presumes \u201cthis is an espionage campaign.\u201d He added, \u201cThis is infeasible for a commercial actor because of the diversity of languages they would receive the calls in. Since the application records phone calls and picks short messages up, we presume that whoever gets the information has the ability to translate them and make sense of the information collected.\u201dBitdefender advised users to be wary of downloading apps from anywhere but the official store as well as thinking twice about granting apps permission to read messages, access call logs and GPS coordinates or other data obtained via the Android\u2019s sensors.