Overview
- Osservatorio Nessuno detailed a new Android spyware called Morpheus and linked it to IPS Intelligence, while noting that independent confirmation and sample provenance have not been disclosed.
- The report describes a social‑engineering chain where attackers cut mobile data, text a link to a fake ISP site, and prompt targets to install a bogus update app that carries the hidden payload.
- Once installed, Morpheus asks for Accessibility access and then shows full‑screen overlays that fake an update and block touch input to push through required permissions.
- The malware enables Developer Options, turns on Wireless Debugging, and pairs to Android’s ADB to grant itself powerful rights without needing root access.
- With those rights it can read screens, mimic WhatsApp with a fake biometric prompt, record audio and video, switch off Play Protect and antivirus apps, and survive reboots, putting users’ chats and device privacy at risk.