Beware of this newly discovered Android spyware that pretends to be a system update

Humza

Posts: 825   +161
Staff member
Bottom line: A rather nasty malicious Android app going by the name of "System Updates" has been discovered by security researchers from Zimperium. While it's not a cause for concern to regular users who rely on Google's Play Store for app installs and updates, those in the sideloading club should take note of this spyware, which presents itself as a system update but actually spends the time silently exfiltrating pretty much all user data to the attacker's server in an encrypted zip file without leaving a trace.

Installing apps from outside the Play Store is a risky venture but one that Android users often undertake if they want to downgrade/upgrade to a particular app version, bypass location restrictions, or keep in touch with their favorite app if it ever gets discontinued officially. The security risks, however, can be equally off-putting, which is why the toggle for sideloading apps is turned off by default.

Yet another case in point is a spyware app recently discovered by Zimperium researchers called "System Update" that, instead of addressing the platform's most common user complaint (i.e., timely system updates), displays a fake "Searching for update" notification while it gets busy stealing user data in the background and uploading it to the attacker's server.

Zimperium's analysis of the malware code reveals that the app not only collects information from the usual points of interest like call and SMS data, WhatsApp messages, location, clipboard, bookmarks, and browser history, but it can also completely take control of the victim's device to record audio clips as well as periodically take pictures.

The app has also been cleverly crafted to avoid high bandwidth use and to avoid raising user or system suspicion. It scans for documents smaller than 30MB in size and captures thumbnails of recent images and videos, organizes them into several folders inside its own private storage, uploads them to the attacker's server as an encrypted zip file, and then deletes the local copies to remove any traces.

"It's easily the most sophisticated we've seen," said Zimperium CEO Shridhar Mittal, who believed that a lot of time and effort went into making this malicious app and that it was likely part of a targeted attack.


 

ZedRM

Posts: 420   +242
This is an example of someone making a mountain out of a molehill. No one smart enough to understand sideloading is going to download and install an app called "System Update". Much ado about nothing.
 

Markoni35

Posts: 1,025   +411
"...analysis of the malware code reveals that the app not only collects information from usual points of interest like call and SMS data, WhatsApp messages, location, clipboard, bookmarks, and browser history, but it can also completely take control of the victim's device to record audio clips as well as periodically take pictures."

So, how is this different from the usual Android Update app?

I'd say this app was following the Google guidelines to the point.
 

captaincranky

Posts: 16,520   +5,320
So, how is this different from the usual Android Update app?

I'd say this app was following the Google guidelines to the point.
Well...., because you can trust Google to steal all your information, but not use it for malicious purposes, such as tracking you around the web, and putting unsolicited ads into your Gmail account....:rolleyes:
 

Danny101

Posts: 1,617   +693
This is an example of someone making a mountain out of a molehill. No one smart enough to understand sideloading is going to download and install an app called "System Update". Much ado about nothing.
My initial thoughts exactly. Fear News Porn. The news cycle loves those headlines. It draws views. It's more apparent everyday. Psychologically, humans are rubber neckers for tragedy. We can't help but look.
 

Markoni35

Posts: 1,025   +411
Well...., because you can trust Google to steal all your information, but not use it for malicious purposes, such as tracking you around the web, and putting unsolicited ads into your Gmail account....:rolleyes:

Yes, I have total confidence in Google. I mean, wasn't their campaign "Don't be evil". And I wasn't. My mistake.