Security researchers say a powerful new Android malware that is disguised as a critical system update can take full control of the victim’s device and steal their data.
The malware was found bundled in an app called “System Update” that had to be installed outside of Google Play, the app store for Android devices. Once installed by the user, the app hides and exfiltrates data from the victim’s device to the operator’s servers.
Researchers at the mobile security company Zimperium, which discovered the malicious app, said that when the victim installs the malicious app, the malware communicates with the operator
The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take pictures using the phone’s cameras. The malware also tracks the victim’s location, searches for document files, and retrieves copied data from the device’s clipboard.
The malware hides from the victim and tries to avoid detection by reducing the amount of network data it uses, uploading thumbnails to the attacker’s servers instead of the entire image. The malware also captures the most up-to-date data, including location and images.
Zimperium boss Shridhar Mittal said the malware was likely part of a targeted attack.
“It’s easily the most sophisticated we’ve seen,” Mittal said. “I think it took a lot of time and effort to create this app. We believe that there are other apps like this and we are trying our very best to find them as soon as possible.”
Tricking someone into installing a malicious app is a simple but effective way to compromise a victim’s device. This is why Android devices warn users not to install apps from outside the app store. However, many older devices do not run the latest apps, forcing users to rely on older versions of their apps from bootleg app stores.
Mittal confirmed that the malicious app was never installed on Google Play. When reached, a Google spokesperson would not comment on the steps the company took to prevent malicious software from entering the Android app store. Google has seen malicious apps slip through its filters before.
This type of malware has extensive access to the victim’s device and comes in various forms and names, but does pretty much the same thing. In the early days of the internet, remote access trojans, or RATs, allowed snoopers to spy on victims through their webcams. Today, child monitoring apps are often used to spy on a person’s spouse, a use known as stalkerware or spouseware.
Last year, TechCrunch reported on KidsGuard stalkerware – apparently an app for monitoring children – that used a similar “system update” to infect victims’ devices.
But researchers do not know who created the malware or whom it is targeting.
“We are starting to see an increasing number of RATs on mobile devices. And the level of sophistication seems to be increasing. It seems that the bad actors have realized that mobile devices have just as much information about them and are much less protected than the traditional endpoints,” said Mittal.