Security News > 2021 > March > New Android malware spies on you while posing as a System Update
New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration.
Zimperium researchers who spotted it said that it's capable of "Stealing data, messages, images and taking control of Android phones."
Once installed on an Android device, the malware will send several pieces of info to its Firebase command-and-control server, including storage stats, the internet connection type, and the presence of various apps such as WhatsApp.
Unlike other malware designed to steal data, this one will get triggered using Android's contentObserver and Broadcast receivers only when some conditions are met, like the addition of a new contact, new text messages, or new apps being installed.
The malware will also display fake "Searching for update." system update notifications when it receives new commands from its masters to camouflage its malicious activity.
Unlike other malware that harvests data in bulk, this one will also make sure that it exfiltrates only the most recent data, collecting location data created and photos taken within the last few minutes.
News URL
Related news
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)
- Germany blocks BadBox malware loaded on 30,000 Android devices (source)
- Android malware found on Amazon Appstore disguised as health app (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)