A powerful new Android malware disguised as a critical system update has been discovered by cybersecurity researchers. The malware can take complete control of a victim’s mobile device and steal personal and financial data.
The malware is bundled in an app named “System Update” that is installed from outside the Google Play Store, through sideloading or third-party app stores at the user’s own discretion.
After installation, the app hides itself and stealthily exfiltrates data from the device to the malware operator’s servers.
The mobile security firm that discovered the malicious app being distributed in the wild added that, once installation is complete, the malware automatically contacts and registers with the operator’s Firebase server, from which remote commands can be issued and executed locally on the mobile device. This spyware can steal SMS messages, contacts, device information, bookmarks and browser search history, record calls and audio from the microphone, and take photos using the device’s camera. It can also track the victim’s location and search for and copy document files and clipboard contents for exfiltration.
Further analysis revealed that the Android malware can evade detection by reducing the network data it consumes: it uploads thumbnails to the operator’s server rather than full-size images.
Masquerading as a legitimate installer is a simple but effective way to trick users into installing a malicious application on their mobile devices. That is why Google strongly advises and warns Android users not to install applications from outside the Play Store. The problem is that many older devices can’t run the latest and more secure versions of apps, which forces their owners to rely on older releases obtained from bootleg app stores. The Google Play Store uses filters that screen applications to prevent malicious apps from reaching Android device users.
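Because the infection vector described above is sideloading, a practical defender check is to list which installed packages did not come from Google Play. The following is an added example written for this article, not code from the original report or from the firm that discovered the malware. It parses the output of `adb shell pm list packages -3 -i` (third-party packages with their recorded installer), assumes Google Play reports itself as the installer `com.android.vending`, and flags any package with another or no installer; the sample output, the package names and the "system-sounding name" heuristic are constructed for illustration.

```python
"""Triage sideloaded Android packages from `adb shell pm list packages -3 -i` output.

Added example (not from the original article). Assumptions:
  * each line has the form `package:<pkg>  installer=<installer or null>`
  * Google Play installs record installer=com.android.vending
  * `-3` restricts the listing to third-party (non-system) packages
"""
from dataclasses import dataclass
from typing import List, Tuple

# Installers that correspond to a store-mediated install. Anything else
# (another package, or "null") means the APK was sideloaded, pushed over
# ADB, or came from a third-party store.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Words a fake "system update" style package is likely to use in its name.
# Heuristic chosen for this example; raise priority, do not treat as proof.
SYSTEM_SOUNDING_TOKENS = ("update", "system", "security", "android")


@dataclass
class InstalledPackage:
    name: str
    installer: str  # "null" when Android recorded no installer


def parse_pm_list(output: str) -> List[InstalledPackage]:
    """Parse `pm list packages -i` lines into InstalledPackage records."""
    pkgs: List[InstalledPackage] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith("package:"):
            continue  # ignore blank lines or adb noise
        body = line[len("package:"):]
        name, _, installer = body.partition("installer=")
        pkgs.append(InstalledPackage(name.strip(), installer.strip() or "null"))
    return pkgs


def looks_like_system_component(package_name: str) -> bool:
    """True if the package name imitates system functionality (heuristic)."""
    lowered = package_name.lower()
    return any(tok in lowered for tok in SYSTEM_SOUNDING_TOKENS)


def triage(pkgs: List[InstalledPackage]) -> List[Tuple[str, str, str]]:
    """Return (package, installer, priority) for every non-Play install.

    Priority is "high" when a sideloaded package also uses a system-sounding
    name, since that combination matches the lure described in the article.
    """
    findings = []
    for p in pkgs:
        if p.installer in TRUSTED_INSTALLERS:
            continue
        priority = "high" if looks_like_system_component(p.name) else "review"
        findings.append((p.name, p.installer, priority))
    return findings


# Constructed sample output; package names are placeholders, not real IoCs.
SAMPLE_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.systemupdate  installer=null
package:org.example.altstore.game  installer=org.example.altstore
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for name, installer, priority in triage(parse_pm_list(SAMPLE_OUTPUT)):
        print(f"{priority:6s} {name} (installer={installer})")
```

On a real device, pipe `adb shell pm list packages -3 -i` into `parse_pm_list` instead of the constructed sample; a "high" finding is a candidate for uninstalling and for checking which permissions (SMS, contacts, microphone, camera, location) it has been granted, which is the access the article says this spyware relies on.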
This kind of malware is categorized as a Remote Access Trojan, or RAT. It is powerful and has far-reaching access to the victim’s mobile device. In the early days of the web, this kind of spyware enabled hackers to snoop on victims via their webcams. Today, child-monitoring apps are often repurposed to spy on or stalk a person.
We are indeed seeing an increase in remote access trojan variants of differing sophistication and feature sets. It seems that threat actors and hackers have realized that mobile devices hold critical information and are less protected than traditional endpoints.