This Android app pretends to be a system update, but it is actually malware that steals user data
A new piece of Android malware has recently been discovered. This type of software generally seeks to trick the user in order to gain access to the system and then take advantage of it. In this case, the disguise is the most curious part: a system update. Even worse is what it does afterwards, from accessing contacts to spying on the user’s entire browsing history and data.
The malware calls itself, of course, System Update. It is an application that was discovered by security researchers at Zimperium. The app falls into the category of remote access Trojans, meaning malware that allows the device to be controlled remotely, without the attacker being physically present.
The promise of updating the mobile
System Update presents itself as an app that promises to help keep your device up to date. In reality, it monitors everything the user does on the phone and reports it by sending the data to a third party. Zimperium says it is “easily the most sophisticated remote access Trojan” they have seen to date. Of course, perhaps not as sophisticated as malware that reinstalls itself even after the phone is restored to factory settings.
Since it has full access to the device it infects, the data it steals is vast and varied. It can, for example, read messages from instant messaging apps and collect the user’s call history or contacts, photos and videos stored on the phone, browser history, location data … and data from practically any app installed on the phone.
In addition to collecting information, the Trojan is also capable of taking photographs or turning on the phone’s microphone to record audio. These actions are usually performed when it receives some type of information or an event of interest: for example, when a phone call comes in, it can automatically activate the microphone to record the audio.
The app, luckily, has not been available on Google Play. Instead, its APK has been distributed over the web or offered in third-party stores with the promise of improving the phone by updating the system. Researchers believe there are more apps like it doing the same thing as System Update, so they intend to keep investigating the matter.
The best the user can do is, as always, be cautious: install applications and download files only from trusted sources, and be suspicious of anything that offers extensive access to or control of the device.
Via | Blog Zimperium