A new Android spy program has been found pretending to be a system update. The malware allows an outside person to take over another person’s device. Very dangerous, because people will be more inclined to agree with this official appearing name.
The malware is in an app called System Update that must be installed outside of Google Play. When the user does this, the program starts pulling data from the victim’s device. For example, a malicious person can intercept login details and take over accounts, without the victim noticing. This is what the researchers discovered at Zimperium.
The app appears to be talking to its creator’s Firebase server and then stealing everything: messages, device details, browser favorites, search history, contacts, call history, and microphone volume. In fact, malicious parties can take pictures with the victim’s camera. All this without realizing this is happening to you. Hackers can find out where you are, download your documents, and copy what you have to your clipboard.
Shridhar Mittal is the CEO of Zimperium. He says, “It’s easily the most advanced we’ve seen. I think a lot of time and effort has been put into creating this app. We think there are other apps like this, and we’re trying our best to find them as soon as possible.”
In short, Android users are often actively warned not to download apps from outside the Google Play Store, as they have not been checked by Google. Incidentally, apps sometimes pass through these Google filters, so Google’s system isn’t completely waterproof, he writes TechCrunch.
It is still not clear who created the malware. “We are starting to see an increasing number of RATs on mobile devices. It seems that the level of sophistication is increasing, and it seems that the bad actors have realized that mobile devices have the same amount of information about them and that they are much less protected than regular computers or laptops.”