Security researchers at mobile security company Zimperium say: A powerful new Android malware called System Update masquerades as a critical system update that can take full control of the victim’s device and steal his data.
The malware was found bundled in the System Update app, which should have been installed outside of Google Play.
After installation by the user, the app hides and surreptitiously pulls data from the victim’s device to the operator’s servers.
And theShe said Zimperium Corporation: After the victim installs the malicious application, the malware contacts the launcher’s Firebase server, which is used to remotely control the device.
Spyware can steal messages, contacts, device details, browser bookmarks, search history, call recording, surround sound from the microphone, and take pictures with phone cameras.
The malware also tracks the victim’s location, searches for document files, and takes over the data copied from the device’s clipboard.
The System Update malware disappears from the victim and tries to evade the capture by reducing the amount of network data it consumes by uploading thumbnails to the attacker’s servers instead of the full image.
The malware also captures the most recent data, including location and photos. Zimperium said the malware was most likely part of a targeted attack.
She added: It is the most advanced that we have seen, and we believe that a lot of time and effort has been put into creating this application, and we also believe that there are other applications like this, and we try our best to find them as soon as possible.
Tricking someone into installing a malicious app is an easy and effective way to hack a victim’s device, which is why Android devices warn users against installing apps outside of the app store.
But many older devices are not running the latest apps, forcing users to rely on old versions of their apps from app stores.
In the early days of the Internet, RAT software allowed to spy on victims through webcams. This type of malware has long-range access to a victim’s machine in a variety of shapes and names, but it does pretty much the same thing.
Zimperium confirmed that the malicious application was not installed via Google Play, and researchers do not know who made the malware or who targeted it.
And they said: We are starting to see an increasing number of RAT software across mobile devices, and the level of sophistication seems to be on the rise, and it seems that actors have realized that mobile devices have the same amount of information but that they are much less protected than web cameras.