Beware of this newly discovered Android spyware that pretends to be a system update

Humza

Humza

Posts: 1,026   +171
Staff member
Bottom line: A rather nasty malicious Android app going by the name of "System Updates" has been discovered by security researchers from Zimperium. While it's not a cause for concern to regular users who rely on Google's Play Store for app installs and updates, those in the sideloading club should take note of this spyware, which presents itself as a system update but actually spends the time silently exfiltrating pretty much all user data to the attacker's server in an encrypted zip file without leaving a trace.

Installing apps from outside the Play Store is a risky venture but one that Android users often undertake if they want to downgrade/upgrade to a particular app version, bypass location restrictions, or keep in touch with their favorite app if it ever gets discontinued officially. The security risks, however, can be equally off-putting, which is why the toggle for sideloading apps is turned off by default.

Yet another case in point is a spyware app recently discovered by Zimperium researchers called "System Update" that instead of addressing the platform's most common user complaint (I.e., timely system updates), displays a fake "Searching for update" notification as it gets busy stealing user data in the background and uploading them to the attacker's server.

Zimperium's analysis of the malware code reveals that the app not only collects information from usual points of interest like call and SMS data, Whatsapp messages, location, clipboard, bookmarks, and browser history, but it can also completely take control of the victim's device to record audio clips as well as periodically take pictures.

The app has also been cleverly crafted to avoid high bandwidth use and raise user/system suspicion. It scans for documents less than 30MB in size and captures thumbnails of recent images and videos, organizes them into several folders inside its own private storage, and uploads their encrypted zip file to the attacker's server, followed by a deletion on local storage to remove any traces.

"It’s easily the most sophisticated we’ve seen,” said Zimperium CEO Shridhar Mittal, who believed that a lot of time and effort went into making this malicious app and that it was likely part of a targeted attack.

Permalink to story.

https://www.techspot.com/news/89081-beware-newly-discovered-android-spyware-pretends-system-update.html

 
This is an example of someone making a mountain out of a molehill. No one smart enough to understand sideloading is going to download and install an app called "System Update". Much ado about nothing.
 
  • Like
Reactions: Danny101
"...analysis of the malware code reveals that the app not only collects information from usual points of interest like call and SMS data, Whatsapp messages, location, clipboard, bookmarks, and browser history, but it can also completely take control of the victim's device to record audio clips as well as periodically take pictures."

So, how is this different from the usual Android Update app?

I'd say this app was following the Google guidelines to the point.
 
Markoni35 said:
So, how is this different from the usual Android Update app?

I'd say this app was following the Google guidelines to the point.
Click to expand...
Well...., because you can trust Google to steal all your information, but not use it for malicious purposes, such as tracking you around the web, and putting unsolicited ads into your Gmail account....:rolleyes:
 
ZedRM said:
This is an example of someone making a mountain out of a molehill. No one smart enough to understand sideloading is going to download and install an app called "System Update". Much ado about nothing.
Click to expand...
My initial thoughts exactly. Fear News Porn. The news cycle loves those headlines. It draws views. It's more apparent everyday. Psychologically, humans are rubber neckers for tragedy. We can't help but look.
 
  • Like
Reactions: ZedRM
captaincranky said:
Well...., because you can trust Google to steal all your information, but not use it for malicious purposes, such as tracking you around the web, and putting unsolicited ads into your Gmail account....:rolleyes:
Click to expand...

Yes, I have total confidence in Google. I mean, wasn't their campaign "Don't be evil". And I wasn't. My mistake.
 
You must log in or register to reply here.

Similar threads

A
DARPA and Northrop Grumman are exploring the concept of a lunar train and railroad system
Replies
7
Views
272
Endymio
Endymio
midian182
  • Locked
Google sues alleged crypto scammers who uploaded fraudulent apps to the Play Store
Replies
24
Views
275
emmzo
E
midian182
Despite increasing to $16.8 million, Intel CEO Pat Gelsinger's compensation still pales in comparison to AMD's Lisa Su
Replies
9
Views
188
Silkaura
S

Latest posts

Back