Security News > 2021 > March > Watch Out! That Android System Update May Contain A Powerful Spyware
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls.
While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices.
"The spyware creates a notification if the device's screen is off when it receives a command using the Firebase messaging service," Zimperium researchers said in a Friday analysis.
Once installed, the sophisticated spyware campaign sets about its task by registering the device with a Firebase command-and-control server with information such as battery percentage, storage stats, and whether the phone has WhatsApp installed, followed by amassing and exporting any data of interest to the server in the form of an encrypted ZIP file.
The spyware features myriad capabilities with a focus on stealth, including tactics to pilfer contacts, browser bookmarks, and search history, steal messages by abusing accessibility services, record audio, and phone calls, and take photos using the phone's cameras.
In a further bid to evade detection and fly under the radar, the spyware also reduces its bandwidth consumption by uploading thumbnails as opposed to the actual images and videos present in external storage.