Researchers at Zimperium, a mobile security firm discovered new Android spyware that disguises as a ‘System Update’. The new Android Spyware takes control of the victim’s device and steals data.
The researchers said once the malicious app is installed, it hides and steals data from the victim’s device to the operator’s Firebase server.
The malicious app was found bundled in an app installed outside the Google Play store for Android devices.
Apart from tracking victims’ location, it also searches for document files and grabs copied data from the device’s clipboard. It also manages to steal messages, contacts, device details, browser bookmarks and search history, record calls, and ambient sound from the microphone. That’s not all, it can also take photos using the phone’s camera.
The app uploads thumbnails to the attacker’s servers instead of the full image, this reduces the network data, as a result, it is able to evade being detected.
According to Shridhar Mittal, CEO, Zimperium, the malware was likely a part of a targeted attack. One of the most sophisticated seen by them. A lot of time was devoted to developing this app.
He further expressed his concern saying there are more identical apps out there. They are trying their best to find them as soon as possible.
It is always way too risky when it comes to installing Android Apps outside Google Play Store. At times you have no option as many older devices do not run the latest apps, forcing you and others like you to rely on older versions of the app from various bootleg app stores.
Luckily the app has never been installed on the Google Play store. Also, Google is taking appropriate measures to prevent malware from entering the Google Play store. There have been instances in the past when Google has failed to curb such malicious apps on its platform.
This kind of malware has far-reaching access to a victim’s device comes in a variety of forms and names, but largely does the same thing. In the early days of the internet, remote access
Mr. Mittal expressed his concerns over the increasing number of RATs on mobile devices. The level of sophistication is increasing and looks like the bad actors have started to realize mobile phones also have a lot of information and are less protected compared to the traditional endpoints.