Android-powered smartphones are reportedly facing threats from a new malware masquerading as a critical system update, researchers at mobile security firm Zimperium zLabs found. The new ‘advanced’ malware is capable of stealing personal data such as text messages, images, contacts and more. It is even capable of taking full control of the Android smartphone, the research firm notes. In a blog post, Zimperium explains that hackers can remotely execute commands (Remote Access Trojan) and perform a wide range of malicious actions once the bug takes control of the system. The bug comes bundled with an Android app called “System Update” that has to be installed outside of Google Play.
Speaking more over the development, Zimperium CEO Shridhar Mittal told TechCrunch that the malware was likely part of a targeted attack. “It is easily the most sophisticated we’ve seen. I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible,” he added.
The security firm notes that upon installation (from a third party store), the malware communicates with the operator’s Firebase server – used to control the smartphone remotely. The collected data is then organised into several folders inside the spyware’s private storage. The “System Update” can even create a malicious notification that might appear to be a legitimate software update alert. “Apart from the various types of personal data stolen from the victim, the spyware wants more private data such as the victim’s bookmarks and search history from popular browsers like Google Chrome, Mozilla Firefox, and the Samsung Internet Browser,” the blog post highlights.
One of the easiest ways to avoid such malicious apps is not to download files outside Google Play Store. Mittal also confirmed to the publication that the malicious “System Update” app has never appeared on Google Play. On the other hand, Google is yet to address the issue publicly.