Saturday, October 12, 2024
HomeMalwareGoogle Blocked a new Spyware Family Lipizzan

Google Blocked a new Spyware Family Lipizzan

Published on

Malware protection

Google Blocked a new Spyware Family Lipizzan that is capable of extracting user’s email, SMS messages, location, voice calls, and media. They examined the code and it refers to famous cyber arm company Equus Technologies.

Lipizzan was blocked by Google in its early stage itself, they found around 20 Lipizzan apps and less than 100 devices in total. They keep on Enhancing Google Play Protect capabilities to block more sophisticated spyware attacks.

Also read Trojan Embedded Game BlazBlue Downloaded by More than Million Android Users from PlayStore

- Advertisement - SIEM as a Service

Execution Flow

It is a sophisticated Multistaged spyware, the first stage was identified by Google play protect that imitate app like backup and Cleaner. After the installation, Lipizzan would load stage two “license verification” which survives infected device.

Then it would root the device with known exploits and extracts data to C&C server. It is capable of performing the following tasks.

Call recording
VOIP recording
Recording from the device microphone
Location monitoring
Taking screenshots
Taking photos with the device camera(s)
Fetching device information and files
Fetching user information (contacts, call logs, SMS, application-specific data)

Somehow Lipizzan Authors aware that Google detected and taken down the spyware, so they came up with the similar app with a couple of new changes. They have done Changes with the file name and also in the way of downloading stage two.

Even though the app type and the stage downloading method changed, security experts from blocked it as soon after upload. You get a complete list of samples from Android developers blog page.

Common Defences

  • To stay secure use a reputable mobile security solution to detect and remove the threats.
  • Do download apps only from the official market.
  • Before downloading, check for the number of installs, ratings and, most importantly, the content of reviews.
  • Ensure you have opted into Google Play Protect.
  • Keep your phone patched to the latest Android security update.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular...

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its...