Android users: under no conditions should you download this spyware on your phone!

Software security firm Zimperium says that a sophisticated new malicious Android app, masquerading as a system update app, can wreak havoc on your phone and your life. The application can hand control of your Android phone to bad actors, who will be able to steal messages, data and images, take photos, check your browser history, record phone calls and audio, view your WhatsApp messages and much more. This is a serious threat.

Do not download this application on your Android phone!

The System Update app has never been on the Google Play Store, a fact confirmed by Google. Researchers at zLabs discovered the application and, after investigating, found that it was part of a sophisticated spyware campaign with complex capabilities. Now we know exactly what you are thinking. How long will Pizza Hut take to deliver a green pepper, onion, and pineapple pizza? The second thought you have in mind is that if the app has never been listed on the Google Play Store, how did it get installed on your Android phone? The answer is simple, actually. It gets installed when a malicious app is downloaded from a third-party app store.

Once the application is installed, “the device is registered with Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, the battery percentage, the storage statistics, the token received from the Firebase messaging service and the type of Internet connection.” The spyware is triggered when certain conditions are met, such as a new contact being added, a new SMS being received, or a new application being installed. The spyware is always looking for something to, well, spy on. If it detects that a phone call is in progress, it will record the conversation, add the updated call log, and store the information on a command and control (C&C) server as an encrypted ZIP file. To make sure there are no traces of what happened, the spyware deletes the files as soon as it receives a thumbs-up from the server indicating that the files have been received.

The data is then placed in various folders in the spyware’s private storage. One characteristic of this spyware is that it always wants fresh data. For example, if the malicious software is set to collect a new photo after 40 minutes, that is exactly what will happen. Location data is collected using GPS or over the network, depending on which has the most recent data. If the current data is more than five minutes old, the location data is collected and stored once more.

The spyware will create a false notification if the screen of the infected device is off when a command is received through the Firebase messaging service. Among other things, the spyware also steals thumbnail images and videos.

There is no doubt that this is a dangerous application. Perhaps the best thing to do is to avoid downloading an application called “Software Update”. Or you may want to consider staying away from third-party app stores entirely. After all, check out this list of things this malicious app can do:

  • Steal instant messenger messages;
  • Steal IM database files (if root is available);
  • Inspect your default browser bookmarks and searches;
  • Inspect the bookmarks and search history of browsers such as Google Chrome, Mozilla Firefox and Samsung Internet Browser;
  • Look for files with certain extensions like .pdf, .doc, .docx and .xls, .xlsx;
  • Inspect the clipboard data;
  • Inspect the content of notifications;
  • Record audio and phone calls;
  • Take timed photos through the front or rear cameras;
  • Create a list of installed applications;
  • Monitor GPS location;
  • Steal SMS messages, phone contacts, pictures and videos, and call logs;
  • Delete device information such as installed applications, device name and storage statistics; and
  • Hide the menu icon and the app drawer of the device.

You can see why it is important to avoid this app at all costs.
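Because this app arrives through a third-party app store rather than Google Play, one practical check is to list which installer put each user-installed package on a device. The following is an added example, not code from Zimperium or from this article: it parses text saved from `adb shell pm list packages -3 -i` and reports packages that were not installed by Google Play. The package names in the sample are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: audit which installer put each user-installed package on a device.
# Input is text saved from:  adb shell pm list packages -3 -i
import re

# Assumption: Google Play (com.android.vending) is the only trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Each useful line looks like: package:<name>  installer=<installer or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(text):
    """Return [(package, installer_or_None)], skipping lines that do not parse."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue
        installer = match.group("installer")
        # "null" means no installer was recorded (typical of a sideloaded APK).
        rows.append((match.group("pkg"), None if installer == "null" else installer))
    return rows


def untrusted_installs(text, trusted=TRUSTED_INSTALLERS):
    """Return packages whose installer is missing or not in the trusted set."""
    return [(pkg, inst) for pkg, inst in parse_packages(text) if inst not in trusted]


# Constructed sample output; none of these package names come from the report.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:org.example.sysupdate  installer=null
package:com.example.game  installer=com.example.thirdpartystore
unrelated line that should be ignored
"""

if __name__ == "__main__":
    for pkg, inst in untrusted_installs(SAMPLE):
        print(f"REVIEW {pkg}: installed by {inst or 'unknown (sideloaded)'}")
```

A hit is a prompt to review the package, not proof of infection, since legitimately sideloaded apps show up the same way.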

