There’s a new powerful spyware made for the Android platform and which pretends to be a “System Update” utility, but all that it does is exfiltrate the victim’s sensitive details. More specifically, according to a report by researchers of Zimperium who discovered the malware, it is a complex piece of software that is delivered via a sophisticated campaign.
The thing is, though, this is an app for desperate users who want to update their Android system - and one that you will only find in shady third-party stored, not Google’s Play Store.
This spyware's sheer capabilities make up for its slim targeting scope, as it can steal almost everything from an infected device. Here’s a full list of what it can do:
The malware is constantly monitoring the activity on the infected device, and whenever something “interesting” happens, it automatically activates the corresponding module to record and exfiltrate the collected data. This happens after packing everything in a ZIP file, encrypting it, and sending it to the dedicated C2 server. These are “hxxps://mypro-b3435.firebaseio.com” and “hxxps://licences.website/backendNew/public/api/”.
The spyware also performs several functions to ensure that the quality of its operation meets a certain level. For example, it doesn’t collect location data that is older than five minutes, and it ignores photos taken longer than 40 minutes before. Also, it features code to prevent battery optimizations from affecting or interrupting its operation.
In summary, this is yet another example underlining why you shouldn’t trust any app store you may find online and why you should opt to source your Android software from the official store, the Play Store.