This Incredibly Dangerous Android Malware Comes As A System Update And Hijacks Your Phone


Cybersecurity researchers at Zimperium (zLab) have uncovered a sophisticated new malicious Android app that can hijack control of your phone, steal data, and make your life a living hell.

According to zLab researchers, the malware masquerades as a System Update application while functioning as a Remote Access Trojan (RAT) for the bad actors, who in turn can steal messages, data and images, take photos, go through your browser history, record phone calls and audio, view your WhatsApp messages and do other malicious stuff.


"The new malware disguises itself as a System Update application, and is stealing data, messages, images and taking control of Android phone. Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more," the report read.

Google confirmed that the System Update app had never been on the Play Store, which might leave you wondering "how the f*** does the app end up on people's devices?" Well, after conducting an investigation, zLab researchers discovered that the app was "a sophisticated spyware campaign with complex capabilities" and that it came to be on some Android devices via sideloaded apps from a third-party app store.

Once the app is installed, "the device gets registered with the Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, battery percentage, storage stats, the token received from the Firebase messaging service, and the type of internet connection."

The spyware gets triggered when certain conditions occur, such as the receipt of a new SMS, the addition of a new contact, or the installation of a new app. The malware is always looking for something to spy on.

If it detects a call taking place on the phone, it will record the conversation, add the updated call log, and send the information to a command and control (C&C) server as an encrypted ZIP file. To eliminate any trace of what happened, the spyware deletes the files as soon as it receives a success response from the server stating that the files were uploaded.

The spyware places the collected data into several folders in its private storage, located at "/data/data/com.update.system.important/files/files/system/FOLDER_NAME". 

One characteristic of the spyware is that it always wants fresh data. If the actors set the malware to harvest a new photo every 40 minutes, it will do exactly that every 40 minutes. When the spyware receives a command via the Firebase messaging service and the screen is off, it creates a fake notification.


The researchers add: "Apart from the various types of personal data stolen from the victim, the spyware wants more private data such as the victim's bookmarks and search history from popular browsers like Google Chrome, Mozilla Firefox, and the Samsung Internet Browser."

This is the list of things that the malware does or steals from an infected user's device:

  • Steal instant messenger messages;
  • Steal instant messenger database files (if root is available);
  • Inspect the default browser's bookmark and searches;
  • Inspect bookmark and search history from browsers such as Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
  • Search for files with certain extensions such as .pdf, .doc, .docx, and .xls, .xlsx;
  • Inspect data from the clipboard;
  • Inspect the content of notifications;
  • Record audio and phone calls;
  • Take pictures on a timed basis through the front or back cameras;
  • Create a list of installed apps;
  • Monitor the GPS location;
  • Steal SMS messages, phone contacts, images & videos, and call logs;
  • Steal device information such as installed applications, device name, and storage stats; and
  • Conceal its presence by hiding the icon from the device's drawer/menu.

How do you avoid getting into such a mess? Avoid sideloading any app called "System Update", and ideally avoid downloading applications from third-party stores altogether.
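Hiding the launcher icon does not hide a package from the package manager, so a quick check for a sideloaded "System Update" app is to list third-party packages with their installer. The following script is an added example, not code from the zLab report; it parses the output format of `adb shell pm list packages -3 -i` (a constructed sample is embedded below), flags the package name taken from the storage path quoted in this article, and flags any third-party package with no store installer, which is what sideloading looks like. Any package name other than the one on this page is a made-up sample value.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -3 -i` output (not a real capture).
# -3 lists only third-party apps, so installer=null there means the app was sideloaded.
SAMPLE_PM_OUTPUT='package:com.whatsapp  installer=com.android.vending
package:com.update.system.important  installer=null
package:com.example.notes  installer=com.sec.android.app.samsungapps
package:com.example.sideloaded  installer=null'

# Package name from the spyware's private storage path quoted in this article.
KNOWN_SPYWARE_PKG="com.update.system.important"

# Reads `pm list packages -3 -i` lines on stdin and prints one tab-separated
# "<package>\t<reason>" line per flagged package:
#   KNOWN_IOC_PACKAGE  - the package name reported by zLab
#   SIDELOADED         - third-party app with no store installer recorded
flag_suspicious_packages() {
  while IFS= read -r line; do
    # Skip anything that is not a "package:" record (headers, blank lines).
    case "$line" in package:*) ;; *) continue ;; esac
    # Word-split the record: $1 = package:NAME, $2 = installer=VALUE (may be absent).
    set -- $line
    pkg=${1#package:}
    installer=${2#installer=}
    if [ "$pkg" = "$KNOWN_SPYWARE_PKG" ]; then
      printf '%s\tKNOWN_IOC_PACKAGE\n' "$pkg"
    else
      # null/empty installer, or the stock package installer, means no app store
      # delivered this package (assumed heuristic; a store installer is a package name).
      case "$installer" in
        ""|null|*packageinstaller*) printf '%s\tSIDELOADED\n' "$pkg" ;;
      esac
    fi
  done
}

# Stand-alone demo on the constructed sample. On a real device use:
#   adb shell pm list packages -3 -i | flag_suspicious_packages
printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_suspicious_packages
```

A SIDELOADED hit is a prompt to inspect the app, not proof of infection; apps pushed through ADB or a file manager by the owner show the same installer value.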
