Malicious apps developed by third parties and hosted by Amazon or Google are being used for “smart spying.”
The malicious apps had different names and slightly different ways of working, but they all followed similar flows.
A user would say a phrase such as: “Hey Alexa, ask My Lucky Horoscope to give me the horoscope for Taurus” or “OK Google, ask My Lucky Horoscope to give me the horoscope for Taurus.”
The eavesdropping apps responded with the requested information while the phishing apps gave a fake error message. Then the apps gave the impression they were no longer running when they, in fact, silently waited for the next phase of the attack.