Beware of this Android spyware which advertises itself as a critical system update




Do not blindly tap that link and assume the system update notification you have received is genuine. Zero-day exploits in popular server applications like SolarWinds and Exchange may grab headlines, but the biggest security issues most users face are social. That is still the case this week: a new piece of Android malware bills itself as a security update, but the payload is much darker. According to security firm Zimperium, this supposed critical fix could really be malware that steals messages and personal data, or even takes full control of the phone.

Zimperium first detected the new System Update malware when the application's behavior triggered detections in the company's zIPS on-device protection on a number of infected devices. The application is a remote access Trojan that functions as a backdoor, allowing an attacker to access the device's email applications, web browser, and files with specific extensions, including common Microsoft Office file types. Beyond simple data theft, the app can also monitor location via GPS and location services, activate the microphone and camera, and record phone calls, all while hiding itself from the app drawer.

Fortunately, Zimperium says this app is only available through third-party stores, not Google Play. Once installed, the app registers the device with the attackers' Firebase command-and-control, sending data such as the device model, and then fetches a new Firebase token for its own purposes. Attackers then send commands through Google's own Firebase Cloud Messaging service, and rather than displaying them as alerts like most applications do, the System Update malware takes the body of the alert and parses it for orders about which data to return to its creators.

Code snippets that replicate what the malware does are included in the Zimperium blog post. It is always up to the app developers to decide what to do with incoming notifications, and normally they are just formatted and displayed on the device. The System Update code instead reads the notification body and walks through branch logic to collect the requested data. This information is then stored in the app's private storage sandbox, ready to be sent back. It can even scrape thumbnails from videos stored on the device, and it collects location and call information in the same way.

While Microsoft is largely to blame, recent events with Apple and Android malware also prove that no platform is secure. Any device that has the System Update app installed should be treated like a party line on which a third party is almost certainly listening. Zimperium does not provide any procedure to ensure the malware is removed. In theory, going through the device's installed apps and removing it should fix the problem, but a safer bet is a factory reset and restore. Downloading third-party apps is always a bit risky, and in this case it is the users who lose.
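As an added illustration (not code from the article or from Zimperium), a small Python triage helper that parses the output of `adb shell pm list packages -3 -i` and lists third-party packages that were not installed by Google Play, which is where a sideloaded "System Update" app would show up. The sample output, package names and the set of trusted installers are constructed assumptions.

```python
"""Triage sideloaded apps from `adb shell pm list packages -3 -i` output."""
import re
from typing import Dict, Iterable, List, Optional

# Installer package of Google Play on stock devices. Assumption: an analyst
# would extend this set with any other store the organization vets.
TRUSTED_INSTALLERS = {"com.android.vending"}

# `pm list packages -i` prints one line per package:
#   package:<name>  installer=<installer package | null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample output: one Play-installed app, one adb/manual sideload
# (installer=null), one app from an unknown third-party store.
SAMPLE_PM_OUTPUT = """
package:com.example.bank  installer=com.android.vending
package:com.sample.sysupdate  installer=null
package:org.sample.notes  installer=com.sample.thirdpartystore
"""


def parse_pm_list(output: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None when pm prints 'null')."""
    packages: Dict[str, Optional[str]] = {}
    for line in output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package row
        installer = match.group("installer")
        packages[match.group("pkg")] = None if installer == "null" else installer
    return packages


def flag_sideloaded(packages: Dict[str, Optional[str]],
                    trusted: Iterable[str] = TRUSTED_INSTALLERS) -> List[str]:
    """Return third-party packages whose installer is not a trusted store."""
    trusted_set = set(trusted)
    return sorted(pkg for pkg, inst in packages.items() if inst not in trusted_set)


if __name__ == "__main__":
    # On a real device: adb shell pm list packages -3 -i > pm.txt
    for pkg in flag_sideloaded(parse_pm_list(SAMPLE_PM_OUTPUT)):
        print("review manually:", pkg)
```

Every flagged package still needs a human look: a null installer only means the app did not come from the Play Store, not that it is malicious.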
