
A new advanced Android malware posing as a system update




AndroidManifest of the malware. Credit: Zimperium

In recent weeks, Zimperium zLabs researchers have revealed unsecured cloud configurations that exposed user data across thousands of legitimate Android and iOS applications. Now zLabs is warning Android users about a sophisticated new malicious Android app.

This latest malware poses as a "System Update" app in order to steal data, photos and messages and to take control of Android phones. Once in control, attackers can record audio and phone calls, view browser history, take photos and read WhatsApp messages, among other activities.

zLabs researchers found the fake System Update app after it was flagged by the z9 malware engine that powers Zimperium's on-device zIPS detection. Analysis showed that the activity belongs to a sophisticated spyware campaign with complex capabilities. The researchers also confirmed with Google that the app has never been on Google Play and was never scheduled for release there; it is distributed only through third-party stores.

The malware's long list of capabilities includes: stealing instant messenger messages, and the messengers' database files if root access is available; inspecting bookmarks and search history from Google Chrome, Mozilla Firefox and the Samsung Internet browser; searching for files with the extensions .doc, .docx, .pdf, .xls and .xlsx; reading clipboard contents and notifications; periodically taking photos with the front or rear camera; listing installed applications; stealing photos and videos; tracking the device via GPS; stealing phone contacts, text messages and call logs; and exfiltrating device information such as the device name and storage statistics. The spyware can also hide itself by removing its icon from the device's app drawer.

The malware takes its commands over Firebase Command and Control (C&C). After being installed from a third-party app store outside Google Play, it registers with the C&C and listens for the commands "update" and "refreshAllData". To make the registration look legitimate, the app reports device details such as whether WhatsApp is present, the battery percentage, storage statistics, the type of internet connection and the Firebase messaging service token. When the app is told to "update" the existing information, it collects it afresh and the C&C receives all relevant data, including the newly generated Firebase token.

Firebase is used only to deliver commands; a dedicated C&C server collects the stolen data via HTTP POST requests. Notable events that trigger exfiltration include a new contact being added, a new application being installed, or a new SMS arriving, which the spyware detects through Android's contentObserver and broadcast receivers.
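The traits described above (broad surveillance permissions, a Firebase Cloud Messaging service for commands, and receivers that fire on new SMS or new package installs) are all visible in an app's AndroidManifest, which is why the manifest is a good first triage stop for a suspicious sideloaded APK. The script below is an added example, not Zimperium's tooling or anything recovered from the real sample: it parses a decoded manifest (as produced by apktool or androguard) and flags the combination. Both manifests are constructed for the example, the package names are invented, and the permission threshold is an assumption.

```python
"""Manifest triage: flag an Android app whose manifest combines the spyware
traits described in the article.  Added example with constructed input;
the threshold below is a heuristic, not a signature for the real sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions an app needs for the capabilities the article lists:
# SMS, contacts, call logs, audio, camera, GPS and file access.
SPYWARE_PERMS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS", "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
}
# Broadcast actions a receiver registers for to catch the exfiltration
# triggers the article names (new SMS, new app installed).
TRIGGER_ACTIONS = {
    "android.provider.Telephony.SMS_RECEIVED",
    "android.intent.action.PACKAGE_ADDED",
}
# Action declared by a Firebase Cloud Messaging service, the command channel.
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"


def _actions(component):
    """Every <action android:name> declared under a component's intent filters."""
    return {a.get(ANDROID_NS + "name")
            for f in component.iter("intent-filter")
            for a in f.iter("action")}


def triage_manifest(manifest_xml):
    """Return a report dict; 'suspicious' is True when the manifest shows
    broad surveillance permissions plus a push command channel or
    event-driven receivers."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    report = {
        "package": root.get("package"),
        "label": app.get(ANDROID_NS + "label") if app is not None else None,
        "spyware_perms": sorted(perms & SPYWARE_PERMS),
        "fcm_service": False,
        "trigger_receivers": [],
    }
    if app is not None:
        report["fcm_service"] = any(FCM_ACTION in _actions(s)
                                    for s in app.iter("service"))
        triggers = set()
        for r in app.iter("receiver"):
            triggers |= _actions(r) & TRIGGER_ACTIONS
        report["trigger_receivers"] = sorted(triggers)
    # Threshold of four surveillance permissions is an assumption for this example.
    report["suspicious"] = (len(report["spyware_perms"]) >= 4
                            and (report["fcm_service"]
                                 or bool(report["trigger_receivers"])))
    return report


# Constructed manifest modelled on the traits in the article (invented package).
SPYWARE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sysupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="System Update">
    <service android:name=".FcmService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".PkgReceiver">
      <intent-filter>
        <action android:name="android.intent.action.PACKAGE_ADDED"/>
        <data android:scheme="package"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign app: uses FCM for notifications but has no surveillance set.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Notes">
    <service android:name=".PushService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for xml in (SPYWARE_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(xml))
```

Run it against `apktool d sample.apk` output by reading `AndroidManifest.xml` into `triage_manifest`. The manifest cannot show the icon-hiding behaviour, which is done at runtime by disabling the launcher component, so a clean manifest verdict should be followed by dynamic analysis of the Firebase and POST traffic.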




More information:
Yaswant, A. "New Advanced Android Malware Posing as 'System Update'." Zimperium Mobile Security Blog, Zimperium, March 26, 2021, blog.zimperium.com/new-advance … ng-as-system-update /

© 2021 Science X Network

Citation: A new advanced Android malware posing as a system update (2021, March 28) retrieved March 28, 2021 from https://techxplore.com/news/2021-03-advanced-android-malware-posing.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without written permission. The content is provided for informational purposes only.



