Beware of new Android spyware pretending to be a system update

in cybersecurity2 months ago

image.png

Researchers at mobile security firm Zimperium have discovered a new Android spyware that is masquerading as a system update. In a report by Techcrunch, the malicious software was found bundled in an app that had to be installed outside of the Google Play Store.

image.png

After it is installed the spyware then sends data from the user’s device to the operator’s Firebase server which is used to gain remote access to the device.

The Android spyware can syphon off messages, device details, bookmarks, search histories and contacts as well as capture ambient sound from the microphone. As if this couldn’t get worse, the spyware can apparently take photos using the infected device’s camera.

If you thought that was the end of it, I am sad to say it isn’t. The spyware is also capable of tracking the victim’s location, search for document files and also copy data from a device’s clipboard.

“It’s easily the most sophisticated we’ve seen, I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

  • Shridhar Mittal, CEO of Zimperium

Catching the spyware has proven difficult because it hides ever so well. The designers of the spyware seem to be ahead of their time because the malware reduces the amount of data it consumes by uploading thumbnails to its server than the full image.

How to protect yourself

As stated by the researchers at Zimperium the app is not part of the Play Store’s catalogue, so it is advised that you don’t install APK files but rather get your apps straight from the Play Store.

Saying this in these parts is a bit of a sensitive subject because of the price of out-of-bundle data in Zimbabwe. However, the cost of data here seems a far lower price to pay than to have an app that can record through your microphone and send sensitive information from your device.

Sort:  

Is there any further information you have surrounding the spyware itself? I feel like "don't install any APK" is exactly the best recommendation because that's why a lot of people have androids in the first place. Are there any IOCs in the malware other than the ones mentioned?