Windows 10 News and info | Forum
Topic: Watch Out! That Android System Update May Contain A Powerful Spyware
« on: March 28, 2021, 03:57:21 PM »

Researchers have discovered a new information-stealing Trojan, which targets Android devices with an onslaught of data-exfiltration capabilities from collecting browser searches to recording audio and phone calls.

While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades as a System Update application to take control of compromised devices.

"The spyware creates a notification if the device's screen is off when it receives a command using the Firebase messaging service," Zimperium researchers said in a Friday analysis. "The 'Searching for an update..' is not a legitimate notification from the operating system, but the spyware."

Once installed, the sophisticated spyware campaign sets about its task by registering the device with a Firebase command-and-control (C2) server with information such as battery percentage, storage stats, and whether the phone has WhatsApp installed, followed by amassing and exporting any data of interest to the server in the form of an encrypted ZIP file.

The spyware features myriad capabilities with a focus on stealth, including tactics to pilfer contacts, browser bookmarks, and search history, steal messages by abusing accessibility services, record audio and phone calls, and take photos using the phone's cameras. It can also track the victim's location, search for files with specific extensions, and grab data from the device's clipboard.

"The spyware's functionality and data exfiltration are triggered under multiple conditions, such as a new contact added, new SMS received or, a new application installed by making use of Android's contentObserver and Broadcast receivers," the researchers said.

What's more, the malware not only organizes the collected data into several folders inside its private storage, it also wipes out any trace of malicious activity by deleting the ZIP files as soon as it receives a "success" message from the C2 server post exfiltration. In a further bid to evade detection and fly under the radar, the spyware also reduces its bandwidth consumption by uploading thumbnails as opposed to the actual images and videos present in external storage.

Although the "System Update" app was never distributed through the official Google Play Store, the research once again highlights how third-party app stores can harbor dangerous malware. The identity of the malware authors, the targeted victims, and the ultimate motive behind the campaign remain unclear as yet.

