A new malware is now trending, spreading among Android smartphones in form of system update. in theory, allows attackers to take full control of the victim’s device.
The head of the security company Zimperium, Shridhar Mittal, told reporters about the new malware. The application which is called System Update is not installed from Google Play, but from third-party sources as part of a package of useful utilities. Shridhar has confirmed that this app has never appeared on Google Play. In doing so, the application is disguised using an alert similar to verified updates from Google.
After installation, the application hides and then secretly collects and sends data from the victim’s device to the attackers’ servers. Firebase servers are also used to remotely control the device.
They can transfer messages, contacts, device information, bookmarks and browsing history to the wrong hands, record calls and even ambient sounds from the built-in microphone, and take photos using smartphone cameras. In addition, the location of the device is tracked, documents are searched in memory, and information is copied when entered from the keyboard.
To reduce the risk of being caught, the malware reduces the amount of traffic consumed by uploading thumbnails rather than entire images to the attacker’s servers. The malware also collects the most recent data, including location and photos.