Zimperium zLabs researchers discovered a new malicious Android app disguising itself as a “System Update” application. The app targets users who intend to update their devices. It is not available on the App Store and can only be found in third-party stores.
The Main Motive of the Malware:
The underlying goal of the app is to take full control of the Android phone, which ultimately lets it acquire all of the user's information, such as:
• Stealing instant messenger messages and all of their database files
• Inspecting browser bookmarks and search history in Google Chrome, Mozilla Firefox, and Samsung Internet Browser
• All the docs, PDFs, and interior work files
• Content of notifications
• Phone calls
• Recordings of both audio and phone calls
• Snapping pictures through both front and back cameras
• Getting all the images and videos of the device
• All the installed applications
• Recent locations
• Phone contacts, messages, and logs
• Concealing the presence by hiding the icon from the device’s drawer/menu
How It Steals Data:
After being installed on a device, the spyware registers itself with a Firebase Command and Control (C2) server. With that, it automatically checks the presence of applications, battery percentage, and storage stats. The malware exfiltrates data from the infected device in the form of an encrypted ZIP file.
It continuously keeps track of activity on the device. Whenever the user does anything specific on the device, the malware is automatically notified and transfers the data to a server controlled by hackers. In addition, it usually targets the most recent activity.
It can affect iOS users as well. This is why the researchers are warning users to beware of this malware and always use authentic sources for installing applications.
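The traits described above (an install from outside the official store, a "System Update" label on a user-installed app, a hidden launcher icon, and access to messages, calls, camera, microphone, location and files) can be checked against a device's app inventory. The Python example below is an addition to this article, not code from Zimperium; the record fields, the capability-to-permission mapping, the threshold of five capabilities and all sample packages are assumptions made for illustration.

```python
# Added example: triage an app inventory for the traits listed in this article.
# Record fields and all sample packages below are constructed assumptions.

# Capability named in the article -> Android permission that gates it
CAPABILITY_PERMS = {
    "messages": "READ_SMS",
    "call logs": "READ_CALL_LOG",
    "contacts": "READ_CONTACTS",
    "audio recording": "RECORD_AUDIO",
    "camera": "CAMERA",
    "location": "ACCESS_FINE_LOCATION",
    "files and media": "READ_EXTERNAL_STORAGE",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend per fleet policy

def triage(app):
    """Return (severity, reasons) for one inventory record."""
    if app["system"]:  # preinstalled on the system image: out of scope here
        return "ok", []
    perms = {p.rsplit(".", 1)[-1] for p in app["permissions"]}
    caps = sorted(c for c, p in CAPABILITY_PERMS.items() if p in perms)
    reasons = []
    if app["installer"] not in TRUSTED_INSTALLERS:
        reasons.append("sideloaded")
    if "system update" in app["label"].lower():
        reasons.append("user-installed app labelled as a system updater")
    if not app["has_launcher_icon"]:
        reasons.append("no launcher icon")
    if len(caps) >= 5:
        reasons.append("broad collection permissions: " + ", ".join(caps))
    severity = "high" if len(reasons) >= 3 else "review" if reasons else "ok"
    return severity, reasons

def rec(package, label, installer, system, icon, perms):
    return {"package": package, "label": label, "installer": installer, "system": system,
            "has_launcher_icon": icon, "permissions": ["android.permission." + p for p in perms]}

SAMPLE_INVENTORY = [  # constructed records, not real indicators
    rec("com.example.camera", "Camera Pro", "com.android.vending", False, True,
        ["CAMERA", "READ_EXTERNAL_STORAGE"]),
    rec("com.example.vendor.ota", "System Update", None, True, False, []),
    rec("com.example.puzzle", "Puzzle", None, False, True, ["INTERNET"]),
    rec("com.example.sysupdate", "System Update", None, False, False,
        list(CAPABILITY_PERMS.values())),
]

if __name__ == "__main__":
    for app in SAMPLE_INVENTORY:
        print(app["package"], *triage(app))
```

A real inventory would come from an MDM export or from a connected device; no single trait is conclusive on its own, which is why only a combination of three or more is rated high.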