Disguising itself as a System Update app for Android smartphones, a new malware is making the rounds and creating risks for users. Once inside an infected smartphone, the malware can access its information and control the device remotely. With its disguise, the app is targeting users who are looking for the latest updates for their phones.
System updates are part and parcel of the smartphone lifestyle. Even if the auto-update setting isn't toggled on, smartphone users often seek the latest updates for their devices. Every year, for example, Google releases an annual and major update to the Android mobile operating system. However, disguising malware as a new update (or something else entirely) is a potential way to bait unsuspecting users into installing it on their devices.
Zimperium zLab researchers revealed the existence of an app called System Update. According to the report, the app is a Remote Access Trojan that can give malicious parties unauthorized access to a device. The level of access includes instant messaging apps, browsers, contact information, and private messages. Besides accessing the device's data, the malware can also occasionally capture images using the device's cameras and record audio using the phone's microphone. It can also monitor the device's GPS location. Despite its presence on Android, Google has confirmed that the app is not being distributed through the Play Store.
Though the app can only be obtained through a third-party store, unsuspecting users can still install the app, thinking that it can help their device obtain the latest update. However, once the app is installed on a device, it registers the device into a database which will automatically collect the device's battery, storage levels, and whether or not WhatsApp is installed. Once the device is registered, the malware detects any notable activity on the device. When activities — like phone calls or messages — are detected, it saves the data and condenses everything into a zip file. Furthermore, it can pose as a legitimate notification claiming that the app is searching for an update while doing malicious activities in the background. Not to mention, the malware can also make itself invisible from app drawers and program lists, making it all the more harder for the user to uninstall the app.
While this appears to be a highly capable malware, that can also hide itself from view, one positive is that the app is not available to download from the Google Play Store. This alone should ensure most Android users will avoid being affected by the malware. For those who do often use third-party Android app stores, it should hopefully act as a reminder of the dangers.
Source: Zimperium
from ScreenRant - Feed https://ift.tt/3fyPrTb
0 Comments