A new Android spyware disguised as “system update”


Security researchers say a powerful new Android malware disguised as a critical system update can take complete control of victims’ devices and steal their data.

The malware was found bundled in an application called “System Update”, which must be installed from outside Google Play, the app store for Android devices. Once installed, the application hides itself and quietly exfiltrates data from the victim’s device to the operator’s server.

Researchers at Zimperium, the mobile security company that found the malicious application, said that once the victim installs it, the malware communicates with the operator’s Firebase server, which is used to remotely control the device.

The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos with the phone’s camera. The malware also tracks the victim’s location, searches for document files, and grabs copied data from the device’s clipboard.

The malware hides from the victim and tries to evade detection by uploading thumbnails rather than complete images to the attacker’s server, which reduces the amount of network data it consumes. The malware also captures the most recent data, including location and photos.


Shridhar Mittal, CEO of Zimperium, said the malware could be part of a targeted attack.

“It’s easily the most complex we’ve ever seen,” Mittal said. “I think it took a lot of time and effort to create this application. We believe there are other similar applications and we are doing our best to find them as soon as possible.”


Screenshot of the malware disguised as a system update running on an Android phone. The malware can take full control of an affected device. (Image: Zimperium)

Tricking someone into installing a malicious application is a simple but effective way to attack the victim’s device. That’s why Android devices warn users not to install apps from outside the app store. But many old devices don’t run the latest apps, forcing users to rely on older versions of apps from pirated app stores.

Mittal confirmed that the malicious application had never been installed on Google Play. A Google spokesperson did not comment on the measures the company takes to prevent malware from entering the Android app store. Google has seen malicious applications slip through its filters before.

Malware with extensive access to a victim’s device comes in many forms and under many names, but it largely does the same thing. In the early days of the Internet, remote access trojans, or RATs, allowed snoopers to monitor victims through their webcams. Today, child monitoring applications are often repurposed to monitor a person’s spouse, a category known as stalkerware or spouseware.

Last year, TechCrunch reported that the KidsGuard stalkerware, ostensibly a child monitoring application, used a similar “system update” disguise to infect victims’ devices.

But researchers do not know who created the malware or who its target is.

“We are beginning to see more and more RATs on mobile devices. And the complexity seems to be rising. It seems that bad actors have realized that there is as much information on mobile devices, and that they are much less protected than traditional endpoints,” Mittal said.
