New malware disguises itself as a system update for Android smartphones
Attackers can take full control of the victim's device
New malware began to spread among smartphones running the Android operating system - the malware masquerades as a system update and, in theory, allows attackers to take full control of the victim's device.
Shridhar Mittal, the head of the security company Zimperium, told reporters about the new scourge. An application called System Update is not installed from Google Play, but from third-party sources as part of a package of useful utilities. Sridhar Mittal has confirmed that this app has never appeared on Google Play. In doing so, the application is disguised using an alert similar to verified updates from Google.
After installation, the application "hides" and then secretly collects and sends data from the victim's device to the attackers' servers. Firebase servers are also used for remote device management.
Spyware can transfer messages, contacts, device information, bookmarks and browsing history to the wrong hands, record calls and even ambient sounds from the built-in microphone, and take photos using smartphone cameras. In addition, the location of the device is tracked, documents are searched in memory, and information is copied when entered from the keyboard.
To reduce the risk of being caught, the malware reduces the amount of traffic consumed by uploading thumbnails rather than entire images to the attacker's servers. The malware also collects the most recent data, including location and photos.