
A new Android spyware masquerades as a ‘system update’ – TechCrunch


Security researchers say a powerful new Android malware masquerading as a critical system update can take complete control of a victim’s device and steal their data.

The malware was found bundled in an app called “System Update” that had to be installed outside of Google Play, the app store for Android devices. Once installed by the user, the app hides and stealthily exfiltrates data from the victim’s machine to the operator’s servers.

Researchers at mobile security firm Zimperium, which discovered the malicious app, said that once the victim installs the malicious app, the malware communicates with the operator’s Firebase server, used to control the device remotely.

The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone’s cameras. The malware also tracks the victim’s location, searches for document files and grabs copied data from the device’s clipboard.

The malware hides from the victim and tries to evade capture by reducing how much network data it consumes: it uploads thumbnails to the attacker’s servers rather than the full image. The malware also captures the most up-to-date data, including location and photos.

Zimperium CEO Shridhar Mittal said the malware was likely part of a targeted attack. “It’s easily the most sophisticated we’ve seen,” said Mittal. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

Tricking someone into installing a malicious app is a simple but effective way to compromise a victim’s device. It’s why Android devices warn users not to install apps from outside of the app store. But many older devices don’t run the latest apps, forcing users to rely on older versions of their apps from bootleg app stores.

Mittal confirmed that the malicious app was never installed on Google Play. When reached, a Google spokesperson would not comment on the company’s steps to prevent the malware from entering the Android app store. Google has seen malicious apps slip through its filters before.

This kind of malware has far-reaching access to a victim’s device and comes in a variety of forms and names but essentially does the same thing. In the early days of the internet, remote access trojans, or RATs, let snoops spy on victims through their webcams. Nowadays, child monitoring apps are often repurposed to spy on a person’s spouse, known as stalkerware or spouseware.


About author
Tristan McCue is a 26-year-old junior programmer who enjoys reading, binge-watching boxed sets, and appearing in the background on TV. He is smart and friendly, but can also be very evil and a bit lazy. He is an Australian Christian. He has a post-graduate degree in computing.