Android users: under no circumstances should you load this spyware on your phone!




Software security company Zimperium claims that a sophisticated new malicious Android app, posing as a system update app, can wreak havoc with your phone and your life. The app can give control of your Android phone to bad actors, who will be able to steal messages, data and images, take photos, inspect your browser history, record phone calls and audio, view your WhatsApp messages and much more. This is serious stuff indeed.

Don’t sideload this app on your Android phone!

The System Update app has never been in the Google Play Store, a fact confirmed by Google. ZLabs researchers discovered the app and, after conducting an investigation, found that it was a sophisticated spyware campaign with complex capabilities. Now we know exactly what you are thinking. How long will it take Pizza Hut to deliver a green pepper, onion and pineapple pizza? The second thought that comes to your mind is this: if the app was never listed in the Google Play Store, how did it get installed on your Android phone? The answer is simple, in fact. It was installed by downloading a malicious app from a third-party app store.

Once the app is installed, “the device is registered with Firebase Command and Control (C&C) with details such as presence or absence of WhatsApp, battery percentage, storage statistics, token received from Firebase mail service and Internet connection type.” The spyware is triggered by several conditions, such as adding a new contact, receiving a new text message, or installing a new app. The spyware is always looking for something to spy on. If it detects that a phone call is in progress, it will record the conversation, add the updated call log, and store the information on a command and control (C&C) server as an encrypted ZIP file. To ensure that there is no trace of what happened, the spyware deletes the files as soon as it receives a thumbs-up from the server indicating that the files have been received.

The data is then placed in several folders of the spyware’s private storage. A feature of spyware is that it always wants fresh data. For example, if the malware is configured to collect a new photo after 40 minutes, that is exactly what will happen. Location data is collected via GPS or via the network depending on which one has the most recent data. If the current data is more than five minutes old, the location data is collected and stored again.

The spyware will create a fake notification if the screen of the infected device is turned off when a command is received using the Firebase email service. Some things this spyware does include stealing thumbnails of images and videos.

There is no doubt that this is a dangerous application. Perhaps the best thing you can do is not download an app called “Software Update”. Or you might want to consider staying away from third-party app stores. After all, check out this list of things this malicious app can do:

  • Steal instant messaging messages;
  • Steal IM database files (if root is available);
  • Inspect the favorites and searches of the default browser;
  • Inspect bookmarks and search history from browsers such as Google Chrome, Mozilla Firefox, and Samsung Internet browser;
  • Look for files with certain extensions such as .pdf, .doc, .docx and .xls, .xlsx;
  • Inspect the data on the clipboard;
  • Inspect the content of notifications;
  • Record audio and phone calls;
  • Take photos on a timed basis using the front or rear cameras;
  • Create a list of installed applications;
  • Monitor the GPS position;
  • Steal SMS messages, phone contacts, images and videos, and call logs;
  • Extract information about the device, such as installed applications, device name and storage statistics; and
  • Hide its icon from the device's drawer and application menu.

You can see why it is important to avoid this app at all costs.
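
As an added example (not from Zimperium or the original article), the sketch below triages an exported app inventory for the pattern described above: a user-installed app that did not come from Google Play, is labelled like a system updater, and requests permissions matching the listed capabilities. The record fields, package names and score threshold are assumptions, and the inventory is constructed sample data.

```python
# Added example: triage an app inventory for sideloaded "system update" look-alikes.
# Record fields (package, label, system, installer, permissions) are assumed to come
# from an MDM or adb export; they are not defined by the article.
PLAY_STORE = "com.android.vending"

# Android permissions that map to capabilities the article lists.
CAPABILITY_PERMS = {
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.CAMERA": "timed photos",
    "android.permission.READ_SMS": "SMS theft",
    "android.permission.READ_CONTACTS": "contact theft",
    "android.permission.READ_CALL_LOG": "call-log theft",
    "android.permission.ACCESS_FINE_LOCATION": "GPS tracking",
    "android.permission.READ_EXTERNAL_STORAGE": "document/image theft",
}
UPDATE_WORDS = ("system update", "software update")

def triage(app):
    """Return (score, reasons) for one inventory record."""
    reasons = []
    user_app = not app["system"]  # preinstalled vendor updaters are not flagged
    if user_app and app.get("installer") != PLAY_STORE:
        reasons.append("sideloaded (installer=%s)" % app.get("installer"))
    if user_app and any(w in app["label"].lower() for w in UPDATE_WORDS):
        reasons.append("user-installed app named like a system updater")
    hits = sorted(CAPABILITY_PERMS[p] for p in app["permissions"]
                  if p in CAPABILITY_PERMS)
    if len(hits) >= 4:
        reasons.append("broad surveillance permissions: " + ", ".join(hits))
    return len(reasons), reasons

def suspicious(inventory, threshold=2):
    """Packages with at least `threshold` independent indicators."""
    return [a["package"] for a in inventory if triage(a)[0] >= threshold]

# Constructed sample inventory; package names are placeholders.
INVENTORY = [
    {"package": "com.example.maps", "label": "Maps", "system": False,
     "installer": PLAY_STORE,
     "permissions": ["android.permission.ACCESS_FINE_LOCATION"]},
    {"package": "com.example.vendor.ota", "label": "System Update",
     "system": True, "installer": None, "permissions": []},
    {"package": "com.example.fakeupdate", "label": "System Update",
     "system": False, "installer": None, "permissions": list(CAPABILITY_PERMS)},
    {"package": "com.example.game", "label": "Puzzle", "system": False,
     "installer": "com.example.thirdparty.store", "permissions": []},
]

if __name__ == "__main__":
    for pkg in suspicious(INVENTORY):
        print("review:", pkg)
```

A single indicator, such as a game installed from a third-party store, stays below the threshold; only the combination is reported for review.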
