Security News > 2021 > March > New Android malware spies on you while posing as a System Update
New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration.
Zimperium researchers who spotted it said that it's capable of "Stealing data, messages, images and taking control of Android phones."
Once installed on an Android device, the malware will send several pieces of info to its Firebase command-and-control server, including storage stats, the internet connection type, and the presence of various apps such as WhatsApp.
Unlike other malware designed to steal data, this one will get triggered using Android's contentObserver and Broadcast receivers only when some conditions are met, like the addition of a new contact, new text messages, or new apps being installed.
The malware will also display fake "Searching for update." system update notifications when it receives new commands from its masters to camouflage its malicious activity.
Unlike other malware that harvests data in bulk, this one will also make sure that it exfiltrates only the most recent data, collecting location data created and photos taken within the last few minutes.
News URL
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)