Saturday, June 22, 2024

Google Blocked a new Spyware Family Lipizzan

Google Blocked a new Spyware Family Lipizzan that is capable of extracting user’s email, SMS messages, location, voice calls, and media. They examined the code and it refers to famous cyber arm company Equus Technologies.

Lipizzan was blocked by Google in its early stage itself, they found around 20 Lipizzan apps and less than 100 devices in total. They keep on Enhancing Google Play Protect capabilities to block more sophisticated spyware attacks.

Also read Trojan Embedded Game BlazBlue Downloaded by More than Million Android Users from PlayStore

Execution Flow

It is a sophisticated Multistaged spyware, the first stage was identified by Google play protect that imitate app like backup and Cleaner. After the installation, Lipizzan would load stage two “license verification” which survives infected device.

Then it would root the device with known exploits and extracts data to C&C server. It is capable of performing the following tasks.

Call recording
VOIP recording
Recording from the device microphone
Location monitoring
Taking screenshots
Taking photos with the device camera(s)
Fetching device information and files
Fetching user information (contacts, call logs, SMS, application-specific data)

Somehow Lipizzan Authors aware that Google detected and taken down the spyware, so they came up with the similar app with a couple of new changes. They have done Changes with the file name and also in the way of downloading stage two.

Even though the app type and the stage downloading method changed, security experts from blocked it as soon after upload. You get a complete list of samples from Android developers blog page.

Common Defences

  • To stay secure use a reputable mobile security solution to detect and remove the threats.
  • Do download apps only from the official market.
  • Before downloading, check for the number of installs, ratings and, most importantly, the content of reviews.
  • Ensure you have opted into Google Play Protect.
  • Keep your phone patched to the latest Android security update.

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles