Thursday, March 28, 2024

Google Blocked a new Spyware Family Lipizzan

Google Blocked a new Spyware Family Lipizzan that is capable of extracting user’s email, SMS messages, location, voice calls, and media. They examined the code and it refers to famous cyber arm company Equus Technologies.

Lipizzan was blocked by Google in its early stage itself, they found around 20 Lipizzan apps and less than 100 devices in total. They keep on Enhancing Google Play Protect capabilities to block more sophisticated spyware attacks.

Also read Trojan Embedded Game BlazBlue Downloaded by More than Million Android Users from PlayStore

Execution Flow

It is a sophisticated Multistaged spyware, the first stage was identified by Google play protect that imitate app like backup and Cleaner. After the installation, Lipizzan would load stage two “license verification” which survives infected device.

Then it would root the device with known exploits and extracts data to C&C server. It is capable of performing the following tasks.

Call recording
VOIP recording
Recording from the device microphone
Location monitoring
Taking screenshots
Taking photos with the device camera(s)
Fetching device information and files
Fetching user information (contacts, call logs, SMS, application-specific data)

Somehow Lipizzan Authors aware that Google detected and taken down the spyware, so they came up with the similar app with a couple of new changes. They have done Changes with the file name and also in the way of downloading stage two.

Even though the app type and the stage downloading method changed, security experts from blocked it as soon after upload. You get a complete list of samples from Android developers blog page.

Common Defences

  • To stay secure use a reputable mobile security solution to detect and remove the threats.
  • Do download apps only from the official market.
  • Before downloading, check for the number of installs, ratings and, most importantly, the content of reviews.
  • Ensure you have opted into Google Play Protect.
  • Keep your phone patched to the latest Android security update.
Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles