Monday, July 15, 2024
EHA

Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

We should always stay alert and cautious with the applications that we download and install from outside the Play Store since we can download an app with malware that could infect our Android devices.

As recently, the cybersecurity researchers at Zimperium have discovered a malicious app that can be downloaded outside of Google Play (third-party Android app stores). 

Once the user downloads this malicious app on their smartphone, the app contacts the Firebase server and starts controlling the device remotely. Moreover, the security experts have affirmed that this malicious app screen itself as “System Update.”

New Malware: “System Update”

This new “System Update” malware is surprisingly sophisticated malware, and this malware tricks and infects the users by launching a notification that pretends to be a system update.

In this situation, when the user clicks on the notification, the malware asks the user to install this new application, which will later request full access to the device. 

And here once the user grants the access, it will simply take over the control of the device and will get access to all the following things that we have mentioned below:-

  • Messages in messenger apps.
  • If you have root rights, then it will also have access to the messenger database files.
  • Bookmarks.
  • Browsing history.
  • Search history in Chrome, Mozilla Firefox and Samsung browser.
  • Several types of files like .pdf, .doc, .docx, and .xls, .xlsx.
  • Clipboard data.
  • Content of the notifications.
  • List of installed apps.
  • Images and Videos.
  • GPS location data.
  • SMS messages.
  • Contacts.
  • Call logs.
  • Recording audio.
  • Recording phone calls.
  • Installed apps. 
  • Device name.
  • Storage statistics.
  • Camera.

How Does It Work?

According to the report, the malware sends various data to its Firebase C&C server just after getting installed on the device. And the data that it sends includes storage stats, ISP details, and installed apps. 

However, here the Firebase is used only for conveying commands, while a separate C&C server is used to collect other stolen data using POST requests. This malware collects data directly if it has root access or uses the “Accessibility Services” function on the compromised device.

Moreover, to hide its malicious activities, it publicised fake notifications about the search for updates when it receives new commands from its speculators.

But, here, the most relaxing thing is that this malicious app has never been available on Google Play, and not only that, even the developers at Google are trying their best to prevent it from circumventing its security walls.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles