 |
| System Update .. Spyware disguised as a system update |
Security researchers at mobile security company Zimperium said: It is said that a powerful new Android malware called System Update is an important system update that can fully control the victim's device and steal its data.
The malware was found in the system update app, which should have installed outside of Google Play.
Once the user installs it, the app hides the data and secretly extracts it from the victim's device to the operator's server.
Zimperium said that after the victim installs the malicious application, the malware will contact the launcher's Firebase server, which is used to remotely control the device.
Spyware can steal messages, contacts, device details, browser bookmarks, search history, call history, audio surrounding the microphone, and taking pictures with the device's camera.
The malware also tracks the victim's location, searches for document files, and takes care of data copied from the device's clipboard.
System update malware disappears from the victim and evades capture by uploading thumbnails instead of the full image to the attacker's server to reduce the amount of network data it uses.
The malware has also gathered the most recent data, including location and photos, and Zimperium said the malware was likely part of a targeted attack.
She added: It's the most advanced program we've ever seen. We think a lot of time and effort has been put into creating this app and we also believe that there are other similar apps out there and we'll do our best to find them ASAP.
Attempting to trick someone into installing a malicious application is an easy and effective way for hackers to attack a victim's device. For this reason, Android devices warn users against installing apps outside of the App Store.
However, many older devices do not run with the latest apps, forcing users to rely on old versions of apps in the App Store.
In the early days of the Internet, RAT allowed victim monitoring via a webcam. These malware can remotely access a victim's computer with different shapes and names, but their effects are roughly the same.
Zimperium confirmed that the malicious app was not installed by Google Play, and researchers were not sure who created or targeted the malware.
They said: We are seeing more and more RAT software on mobile devices, the complexity seems to be increasing and the participants seem to realize that mobile devices have the same amount of information, but their security is much worse than a webcam.