Home / Technology / Android users: under no circumstances should you sideload this spyware on your phone!

Android users: under no circumstances should you sideload this spyware on your phone!

Software security firm Zimperium says that a sophisticated new malicious Android app, which is a System Update application, can wreak havoc on your phone and your life. The app can turn the control of your Android phone into bad actors who will be able to steal messages, data, photos, take pictures, go through your browser history, record phone calls and audio, view your WhatsApp messages and much more. This is really a serious exploitation.

Do not sideload this app on your Android phone!

The system update app has never been in the Google Play Store, which has been confirmed by Google. zLabs researchers discovered the app, and after conducting an investigation, it was discovered that it was a sophisticated spyware campaign with complex capabilities. Now we know exactly what you̵
7;re thinking. How long does it take Pizza Hut to deliver a green pepper, onion and pineapple pizza? The other thought for you is that if the app has never been listed in the Google Play Store, how was it installed on your Android phone? The answer is actually. It was installed by sideloading a malicious app from a third-party app store.

Once the app is installed, the device is registered with Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, battery percentage, storage statistics, tokens received from the Firebase messaging service and the type of Internet connection. “The spyware is triggered when multiple conditions take effect , for example adding a new contact, receiving a new SMS or installing a new app. The spyware is always looking for something to, well, spy on. If it detects a phone call, it will record the call, add it updated the call log and save the information to a command and control server (C&C) as an encrypted ZIP file.To ensure that there is no trace of what happened, the spyware deletes the files as soon as it receives the thumbs up from the server and says that the files are received.

The data is then placed in several folders in the spyware’s private storage. A characteristic of spyware is that it will always have new data. For example, if the malicious software is set to collect a new image after 40 minutes, that is exactly what will happen. Location data is collected via GPS or through the network, depending on which has more recent data. If the current data is more than five minutes old, the position data is collected and stored again.

The spyware creates a false alert if the screen of the infected device is off when a command is received using the Firebase messaging service. of the things that this spyware does include stealing thumbnails of pictures and video.

There is no doubt that this is a dangerous app. Perhaps the best thing you can do is stay away from side-loading an app called “Software Update.” Or you may want to consider staying away from third-party app stores altogether. After all, check out this list of things that this malicious app can do:

  • Stealing instant messages;
  • Steal instant messenger database files (if root is available);
  • Inspect the default browser bookmarks and searches;
  • Inspect bookmark and search history from browsers like Google Chrome, Mozilla Firefox and Samsung Internet Browser;
  • Search for files with certain extensions such as .pdf, .doc, .docx and .xls, .xlsx;
  • Inspect data from the clipboard;
  • Inspect the content of the alerts;
  • Record audio and telephone conversations;
  • Take pictures in time through the front or rear cameras;
  • Make a list of installed apps;
  • Monitor GPS position;
  • Stealing SMS messages; telephone contacts, photos and videos and call logs;
  • Remove device information device such as installed applications, device names and storage statistics; and
  • hide the icon from the device app drawer and menu.

You can see why it is important to avoid this app at all costs.

Source link