Cyber criminals keep hiding malicious software in smartphone apps. A particularly malicious malware now even disguises itself as a system update.
System updates for Android smartphones are actually supposed to help protect a device from malware. They often contain security patches that eliminate known vulnerabilities. Many trust that they will protect themselves with updates. But a new type of malware exploits precisely this trust.
Malware disguises itself as an Android update
Zimperium’s research team has found malicious software that appears as an update notification on Android smartphones. If you click on the notification, the malware takes control of the Android smartphone and reads messages, pictures, videos and other data. According to the report, attackers can “record audio and calls, take photos, view browser history, access WhatsApp messages and more”. The malware can even read the location and access data from the clipboard and files from the smartphone memory. The complete list can be found in the Zimperium security report .
The malware was only noticed because Zimperium’s malware scanner jumped on it. Upon closer inspection, the research team found that it was a novel and sophisticated spyware attack (espionage software). The malware could not be detected in advance of Google’s security measures because the app cannot be found in the Google Play Store.
Also interesting: Android apps crash due to an incorrect update
Beware of apps from unsafe sources
It is a “Remote Access Trojan” (RAT). This means that the app can receive commands remotely to access data or perform actions. The app is hidden so that it does not appear on the home screen and the app library.
The app loads data piece by piece onto the smartphone in order to make it more difficult to discover itself. Smaller amounts of data are hardly noticeable, so that the malware can remain undetected. It can be triggered by a call, a text message, installing an app or adding a new contact.
The good news is that the app wasn’t from the Google Play Store. It can only be accessed on the smartphone via an alternative app store or directly from the Internet browser. If you are installing an app that is not from the Google Play Store, you should always check that it is from a safe source. And even when loading apps from the Play Store, it is important to check reviews and the developer studio beforehand. It has happened often enough that malware-infected apps have slipped through Google’s security measures.