New Android spyware masquerades as a system update

[ad_1]

Although Android is a much more secure operating system than many people credit it with, malware and spyware can still pop up from time to time. Recently, a security company discovered disturbing spyware on Android that masquerades as a system update.

Zimperium The security company last week reported new spyware designed for Android that can steal data without the user’s knowledge, even going so far as to hide its app icon in the app drawer and restrict the amount of data transmitted.

Spyware, which does not require root access, disguises itself as an Android system update to trick users into believing that the device is only checking a system update rather than stealing their data. A notification appears stating that the device is “Checking for update…” and even uses the Google icon.

Once installed and active, the Remote Access Trojan (RAT) can receive and execute commands on the device to capture and steal data. These actions include:

Steal instant messaging messages;
Steal IM database files (if root is available);
Inspect the favorites and searches of the default browser;
Inspect bookmark and search history from Google Chrome, Mozilla Firefox and Samsung internet browser;
Search for files with specific extensions (including .pdf, .doc, .docx and .xls, .xlsx);
Inspect the data in the clipboard;
Inspect the content of notifications;
Audio recording;

Recording of telephone calls;
Take photos periodically (via the front or rear cameras);
List of installed applications;
Steal images and videos;
GPS position monitoring;
Steal SMS messages;
Steal telephone contacts;
Steal call logs;
Exfiltration device information (eg, installed apps, device name, storage statistics); and
Conceal its presence by hiding the drawer / menu icon of the device.

Notably, applications like WhatsApp are vulnerable to this spyware when the device is rooted. This is not possible for spyware on newer versions of Android, but outdated versions can be vulnerable if the app itself establishes root access. This is a good illustration of why major Android updates are so important for phones.

To better prevent infected users from discovering spyware, it only captures and downloads limited sets of data to avoid setting off red flags about data usage. For example, instead of sending full size images, the spyware only captures thumbnails with much smaller file size.

New Android spyware designed to look like a system update, but was never in the Play Store

Google, in response to a request from ArsTechnica, did not have a full statement about the spyware, but noted that it was never available on the Google Play Store. This means that luckily the majority of Android users have probably never come into contact with spyware.

Learn more about Android:

FTC: We use automatic income generating affiliate links. After.

Check out 9to5Google on YouTube for more news:

[ad_2]

Source link