Do not sideload this app on your Android phone!
The notification on the phone in this picture comes from the spyware, not the app
Once the app is installed, the device is registered with Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, battery percentage, storage statistics, tokens received from the Firebase messaging service and the type of Internet connection. The spyware is triggered when any of several conditions is met, for example adding a new contact, receiving a new SMS or installing a new app. The spyware is always looking for something to, well, spy on. If it detects a phone call, it will record the call, add the updated call log and save the information to a command and control (C&C) server as an encrypted ZIP file. To ensure that there is no trace of what happened, the spyware deletes the files as soon as it receives the thumbs-up from the server saying that the files were received.
The data is then placed in several folders in the spyware’s private storage. A characteristic of this spyware is that it always keeps its data fresh. For example, if the malicious software is set to collect a new image after 40 minutes, that is exactly what will happen. Location data is collected via GPS or through the network, depending on which has more recent data. If the current data is more than five minutes old, the position data is collected and stored again.
The spyware creates a false alert if the screen of the infected device is off when a command is received through the Firebase messaging service. Some of the things that this spyware does include stealing thumbnails of pictures and video.
There is no doubt that this is a dangerous app. Perhaps the best thing you can do is stay away from side-loading an app called “Software Update.” Or you may want to consider staying away from third-party app stores altogether. After all, check out this list of things that this malicious app can do:
- Steal instant messages;
- Steal instant messenger database files (if root is available);
- Inspect the default browser bookmarks and searches;
- Inspect bookmark and search history from browsers like Google Chrome, Mozilla Firefox and Samsung Internet Browser;
- Search for files with certain extensions such as .pdf, .doc, .docx and .xls, .xlsx;
- Inspect data from the clipboard;
- Inspect the content of the alerts;
- Record audio and telephone conversations;
- Take pictures at intervals through the front or rear cameras;
- Make a list of installed apps;
- Monitor GPS position;
- Steal SMS messages, telephone contacts, photos and videos, and call logs;
- Exfiltrate device information such as installed applications, device names and storage statistics; and
- Hide the icon from the device app drawer and menu.
You can see why it is important to avoid this app at all costs.
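Two traits described above, arriving by sideloading and hiding the icon from the app drawer, can be checked for when triaging a phone. The following is an added example, not code from the article or from the researchers: it parses the text printed by `adb shell pm list packages -3 -i` and flags third-party apps that did not come from Google Play or that show no launcher icon. The trusted-installer set, the `launcher_packages` input (a set of packages known to have a launcher icon, gathered separately) and every package name are assumptions made for illustration.

```python
import re

# Installers treated as trusted stores (assumption: adjust for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Matches one line of `adb shell pm list packages -3 -i` output.
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def parse_packages(pm_output):
    """Return {package: installer or None} from `pm list packages -i` text."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        inst = m.group("inst")
        result[m.group("pkg")] = None if inst == "null" else inst
    return result


def triage(pm_output, launcher_packages):
    """Flag third-party apps that were sideloaded and/or show no launcher icon."""
    findings = []
    for pkg, inst in sorted(parse_packages(pm_output).items()):
        reasons = []
        if inst not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded (installer=%s)" % inst)
        if pkg not in launcher_packages:
            reasons.append("no launcher icon")
        if reasons:
            findings.append((pkg, reasons))
    return findings


# Constructed sample data, not taken from a real device or from the article.
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.update.placeholder  installer=null
package:com.example.game  installer=com.android.packageinstaller
"""
SAMPLE_LAUNCHER = {"com.example.notes", "com.example.game"}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM_OUTPUT, SAMPLE_LAUNCHER):
        print(pkg, "->", "; ".join(reasons))
```

A flagged app is a lead to examine, not a verdict: some legitimate apps are sideloaded or run without a launcher icon, so an app showing both traits deserves the closest look.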