Spyware pretends to be an Android system update to infect devices

A research team from the American security company Zimperium has discovered sophisticated spyware that poses as an Android system update.

The spyware has a complex structure and many functions. Once it infects an Android device, it performs a variety of malicious operations and collects all the information on the user’s device.

The security company said the spyware’s developers chose their disguise cleverly: many Android devices cannot be upgraded to a newer system version, which leaves some applications unable to run normally on them.

As a result, when users see software that claims to be an Android system update, they are eager to install it, not knowing that it is a hacker’s trap to infect the device.

“It’s easily the most sophisticated we’ve seen,” said Zimperium CEO Shridhar Mittal. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

The information collected by the spyware includes all contacts in the address book, SMS records, device details, browser bookmarks, search and browsing history, stored files, clipboard contents, and location information.

The researchers also found that the spyware uses the microphone and camera for surveillance, for example using the microphone to continuously monitor the victim’s conversations with others.

The camera is used to take photos that are sent back to the server for analysis of the target. The photos are even compressed before upload so that the spyware does not consume enough traffic to be noticed.

Zimperium’s CEO believes the software may be part of a targeted attack; that is, the attacker may be after a very small number of specific users rather than a wide range of users.

After all, such complex malware takes a lot of time to develop, yet it neither displays advertising nor installs other apps, which shows that the attacker’s purpose is not to make money.

Since it is not seeking money, it is likely to be a targeted espionage attack. In fact, many similar attacks have occurred before and are considered espionage.

It is well known that the fragmented Android ecosystem prevents many devices from upgrading to the latest version, and some applications no longer support older versions of Android.

As a result, many users eagerly hope that their devices can be upgraded to gain more functions, or to use more apps without restriction.

Using a system update as a phishing lure is therefore a clever move by the attacker. Obviously, after seeing this kind of prompt, users will click to confirm in the hope of getting the update.

Although such updates are very common nowadays, security companies believe that this must be a cause for concern, because smartphones now carry so much personal information.

Smartphone users may also pay very little attention to security, which gives attackers more opportunities, but there is actually no solution.

Via: TechCrunch