According to researchers at mobile security company Zimperium zLabs, Android smartphones face threats from new malware masquerading as a critical system update. The new “ advanced ” malware is capable of stealing personal data such as text messages, images, contacts and more. It is even able to take full control of the Android smartphone, notes the research firm. In a blog post, Zimperium explains that hackers can execute Remote Access Trojans and perform a wide range of malicious actions once the bug takes control of the system. The bug comes with an Android app called “System Update” which must be installed outside of Google Play.
Speaking further on the development, Zimperium CEO Shridhar Mittal told TechCrunch that the malware was likely part of a targeted attack. “It’s by far the most sophisticated we’ve seen. I think a lot of time and effort has gone into creating this app. We believe there are other apps like this and we’re doing our best to find them as quickly as possible, ”he added.
The security firm notes that during installation (from a third-party store), the malware communicates with the operator’s Firebase server – used to control the smartphone remotely. The collected data is then organized in several folders inside the private storage of the spyware. The “system update” can even create a malicious notification that may appear to be a legitimate software update alert. “Besides the different types of personal data stolen from the victim, the spyware wants more private data like victim’s bookmarks and search history from popular browsers like Google Chrome, Mozilla Firefox and Samsung’s internet browser », Underlines the blog post.
One of the easiest ways to avoid such malicious apps is not to download files outside of Google Play Store. Mittal also confirmed to the post that the malicious “System Update” application had never appeared on Google Play. On the other hand, Google has yet to resolve the issue publicly.