Watch out! The Android system update may contain powerful spyware




Researchers have discovered a new information-stealing Trojan that targets Android devices with an array of data exfiltration features, from collecting browser searches to recording audio and phone calls.

While malware on Android has previously taken the guise of copycat apps, which go by names similar to legitimate software, this sophisticated new malicious app disguises itself as a System Update program to take control of compromised devices.

“The spyware program alerts you when the device’s screen is off when it receives a command using the Firebase messaging service,” Zimperium researchers said in a Friday analysis. “‘Checking for update …’ is not a legitimate alert from the operating system, but the spyware.”

Once installed, the spyware begins by registering the device with a Firebase command-and-control (C2) server, sending information such as battery percentage, storage statistics, and whether the phone has WhatsApp installed. It then collects data of interest and exports it to the server in the form of an encrypted ZIP file.

The spyware has numerous capabilities with a focus on stealth, including tactics for stealing contacts, browser bookmarks and search history, stealing messages by abusing accessibility services, recording audio and phone calls, and taking pictures using the phone’s cameras. It can also track the victim’s location, search for files with specific extensions, and retrieve data from the device’s clipboard.

“The spyware’s functionality and data filtering are triggered under several conditions, such as a new contact added, a new received SMS, or a new application installed using Android’s contentObserver and Broadcast receivers,” the researchers said.

In addition, not only does the malware organize the collected data into multiple folders in its private storage, it also wipes out traces of malicious activity by deleting the ZIP files as soon as it receives a “success” message from the C2 server after exfiltration. In a further effort to avoid detection and fly under the radar, the spyware also reduces bandwidth consumption by uploading thumbnails as opposed to the actual images and videos contained in remote storage.

Although the “System Update” app was never distributed through the official Google Play Store, the research once again highlights how third-party app stores may contain dangerous malware. The identities of the authors of the malware, the targeted victims and the ultimate motive behind the campaign are still unclear.
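A defender-side triage for two traits described above, distribution outside the Play Store and abuse of accessibility services, follows as an added example; it is not code from Zimperium or from this article. It assumes the inputs were collected with `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`; the sample package names and the trusted-installer list are constructed.

```python
import re

# Installers treated as trusted stores (assumption; extend per fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            inst = m.group("installer")
            # A sideloaded APK is reported as installer=null.
            installers[m.group("pkg")] = None if inst == "null" else inst
    return installers

def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    # An unset setting prints the literal string "null".
    if not value or value == "null":
        return set()
    # Value is a colon-separated list of package/ServiceClass components.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def triage(pm_output, a11y_value):
    """Return (high, review): sideloaded apps with / without accessibility access."""
    installers = parse_installers(pm_output)
    a11y = parse_accessibility(a11y_value)
    sideloaded = {p for p, i in installers.items() if i not in TRUSTED_INSTALLERS}
    return sorted(sideloaded & a11y), sorted(sideloaded - a11y)

# Constructed sample output; package names are made up for illustration.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.game  installer=com.example.altstore
"""
SAMPLE_A11Y = "com.example.sysupdate/.UpdateService:com.example.notes/.ReaderService"

if __name__ == "__main__":
    high, review = triage(SAMPLE_PM, SAMPLE_A11Y)
    print("sideloaded + accessibility service:", high)
    print("sideloaded, no accessibility service:", review)
```

Packages in the first list warrant manual inspection first: a sideloaded app holding an accessibility service can read on-screen content from other apps, which is the message-stealing path described above.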



