Security researchers have found new Android spyware that disguises itself as a ‘System Update’ to take control of victims’ devices and exfiltrate private data.
The spyware was found by researchers at security firm Zimperium, who note that it hides in an app called ‘System Update’ that is installed through third-party Android app sources.
When a victim installs the malicious app, the spyware connects to the operator’s Firebase server.
Once the connection is established, the malicious application steals data from the victim’s device and sends it to the operator’s Firebase server, which controls the device remotely.
Android spyware’s malicious capabilities:
Zimperium said the spyware’s extensive range of data theft capabilities includes:
- Stealing instant messenger messages;
- Stealing instant messenger database files (if root is available);
- Inspecting the default browser’s bookmarks and searches;
- Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
- Searching for files with specific extensions (including .pdf, .doc, .docx, .xls, and .xlsx);
- Inspecting the clipboard data;
- Inspecting the content of the notifications;
- Recording audio;
- Recording phone calls;
- Periodically taking pictures (either through the front or back cameras);
- Listing the installed applications;
- Stealing images and videos;
- Monitoring the GPS location;
- Stealing SMS messages;
- Stealing phone contacts;
- Stealing call logs;
- Exfiltrating device information like installed applications, device name, storage statistics, etc.
Spying and stealing using Android spyware:
Once the victim’s device has been hijacked, the spyware can read and exfiltrate device details, messages, contacts, and browser bookmarks, analyze search history, record calls and ambient sound from the microphone, and capture photos using the hacked phone’s cameras.
The spyware can also track the device, and hence the victim’s location, search for document files, and poach copied data from the device’s clipboard.
To stay under the radar, the spyware limits the amount of data it consumes by transmitting thumbnails instead of entire images.
The malware can report the latest data and location of the hijacked device, making it a very critical cybersecurity hazard.
Perhaps the most effective way to hijack and gain control over victims’ devices is to dupe users into installing malicious spyware that poses as an authentic and necessary application.
As a result, Android has always warned users about the risk of such spyware when they install apps from unknown, third-party app stores.
But many older devices don’t run the latest apps, forcing users to rely on older versions of their apps from bootleg app stores.
Android malware and spyware are especially dangerous because Android is the most widely deployed OS in the mobile market, so they can easily reach a significant number of users.
Android users are strongly advised to stay alert and remain wary of applications that need to be installed from unknown stores.
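Because the spyware arrives through third-party installation rather than an official store, one practical check is to audit which apps on a device were not installed by a trusted store. The following is an added example, not code from Zimperium or the original article: it parses the output of `adb shell pm list packages -i -3` and flags sideloaded packages. The package names, the sample output, and the trusted-installer list are constructed assumptions.

```python
import re

# Assumption: installers treated as trusted stores; adjust for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -i` output: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -i -3` output
# (-3 = third-party apps only, -i = show the installing package).
# All package names below are hypothetical placeholders.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.game  installer=com.example.thirdpartystore
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""


def parse_packages(text):
    """Return (package, installer) pairs, skipping lines that do not match."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match["pkg"], match["installer"]))
    return entries


def sideloaded(entries, trusted=TRUSTED_INSTALLERS):
    """Flag packages whose recorded installer is not a trusted store."""
    flagged = []
    for pkg, installer in entries:
        if installer in trusted:
            continue
        if installer == "null":
            reason = "no installer recorded"
        else:
            reason = f"installed by {installer}"
        flagged.append((pkg, reason))
    return flagged


if __name__ == "__main__":
    for pkg, reason in sideloaded(parse_packages(SAMPLE)):
        print(f"REVIEW {pkg}: {reason}")
```

A flagged package is only a candidate for review: legitimately sideloaded apps appear here too, so compare each entry's displayed name and requested permissions against what the user expects to have installed.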