Android malware is a problem that is unlikely ever to go away. As long as there is value in your data, Android malware and the criminals behind it will remain. Finding a piece of Android malware isn’t in itself a huge revelation. What is surprising, at least to us, is how this piece of Android malware disguises itself as a legitimate system update.
The new Android malware disguises itself as a System Update application and steals data, messages, and images while taking control of Android phones. Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more (a complete list is below).
The “System Update” app was identified by zLabs researchers who noticed an Android application being detected by the z9 malware engine powering zIPS on-device detection. Following an investigation, we discovered it to be a sophisticated spyware campaign with complex capabilities. We also confirmed with Google that the app was not and has never been on Google Play.
Zimperium goes on to explain how this new Android malware works and what it can do. Here’s the havoc the company says this malware can wreak on your device:
- Stealing instant messenger messages;
- Stealing instant messenger database files (if root is available);
- Inspecting the default browser’s bookmarks and searches;
- Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
- Searching for files with specific extensions (including .pdf, .doc, .docx, and .xls, .xlsx);
- Inspecting the clipboard data;
- Inspecting the content of the notifications;
- Recording audio;
- Recording phone calls;
- Periodically taking pictures (either through the front or back cameras);
- Listing of the installed applications;
- Stealing images and videos;
- Monitoring the GPS location;
- Stealing SMS messages;
- Stealing phone contacts;
- Stealing call logs;
- Exfiltrating device information (e.g., installed applications, device name, storage stats); and
- Concealing its presence by hiding the icon from the device’s drawer/menu.
You can check out the Zimperium blog post for more on this; they get into some granular details, which we won’t get into here. Just be sure to always triple-check what you’re installing before you install it.