Do not download this application on your Android phone!
The notification on the phone in this image is from spyware, not the app
Once the application is installed, “the device is registered with Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, the battery percentage, the storage statistics, the token received from the Firebase messaging service and the type of Internet connection.” The spyware is triggered when certain events occur, such as adding a new contact, receiving a new SMS, or installing a new application. Spyware is always looking for something to, well, spy on. If it detects that a phone call is in progress, it will record the conversation, add the updated call log, and store the information on the C&C server as an encrypted ZIP file. To make sure there are no traces of what happened, the spyware deletes the files as soon as it receives a thumbs-up from the server indicating that the files have been received.
The data is then placed in various folders in the spyware’s private storage. One characteristic of spyware is that it always wants new data. For example, if the malicious software is set to collect a new photo after 40 minutes, that is exactly what will happen. Location data is collected using GPS or over the network, depending on which has the most recent data. If the current data is more than five minutes old, the location data is collected and stored once more.
The spyware will create a false notification if the screen of the infected device is off when a command is received through the Firebase messaging service. Among other things, this spyware also steals thumbnail images and videos.
There is no doubt that this is a dangerous application. Perhaps the best thing to do is to avoid downloading an application called “Software Update”. Or you may want to consider staying away from third-party app stores entirely. After all, check out this list of things this malicious app can do:
- Steal instant messaging messages;
- Steal IM database files (if root is available);
- Inspect your default browser bookmarks and searches;
- Inspect the bookmarks and search history of browsers such as Google Chrome, Mozilla Firefox and Samsung Internet Browser;
- Look for files with certain extensions like .pdf, .doc, .docx, .xls and .xlsx;
- Inspect the clipboard data;
- Inspect the content of notifications;
- Record audio and phone calls;
- Take timed photos through the front or rear cameras;
- Create a list of installed applications;
- Monitor GPS location;
- Steal SMS messages, phone contacts, pictures and videos, and call logs;
- Delete device information such as installed applications, device name and storage statistics; and
- Hide the menu icon and the app drawer of the device.
You can see why it is important to avoid this app at all costs.