Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

New Malware: “System Update”

Messages in messenger apps.
It will also have access to the messenger database files if root rights are available.
Browsing history.
Browsing history in Chrome, Mozilla Firefox and Samsung Internet Browser.
Several kinds of files, such as .pdf, .doc, .docx, .xls and .xlsx.
Clipboard data.
Content of notifications.
List of installed apps.
Videos and images.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage statistics.
Camera.

Once the user downloads this malicious app onto their phone, the app contacts the Firebase server and the device starts being controlled remotely. The security researchers have also confirmed that this malicious app presents itself as “System Update.”

The new “System Update” malware is remarkably advanced. It tricks and infects users by displaying a notification that pretends to be a system update.

Recently, the cybersecurity researchers at Zimperium found a malicious app that can be downloaded outside of Google Play (from third-party Android app stores).

Once the user grants the access, the malware simply takes control of the device and gains access to all of the data listed in this article.

We should always remain alert and careful with the applications that we download and install from outside the Play Store, since we may download an app carrying malware that could infect our Android devices.

In this scenario, when the user taps the notification, the malware asks the user to install this new application, which will later request full access to the device.

How Does It Work?

Firebase is used only for relaying commands, while a separate C&C server is used to collect the other stolen data using POST requests. The malware collects data directly if it has root access, or uses the “Accessibility Services” feature on the compromised device.


Moreover, to hide its malicious activity, it displays fake notifications about searching for updates when it receives new commands from its operators.

According to the report, the malware sends various data to its Firebase C&C server right after being installed on the device. The information it sends includes storage stats, ISP information, and installed apps.
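A defender-side triage check for the two conditions this article describes together: an app installed from outside Google Play that also relies on Accessibility Services. This is an added example, not code from Zimperium or from the original article; the package names and the sample command output are constructed, and treating Google Play (`com.android.vending`) as the only trusted installer is an assumption.

```python
# Inputs are the text output of two adb commands run against a device:
#   adb shell pm list packages -3 -i
#   adb shell settings get secure enabled_accessibility_services
# The samples below are constructed for illustration (hypothetical packages).
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:org.example.reader  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = ("com.example.sysupdate/com.example.sysupdate.MainService:"
               "com.example.notes/.ReaderService")

# Assumption: only Google Play counts as a trusted install source.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_installers(text):
    """Map package name -> recorded installer (None if absent or 'null')."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip()
        result[name.strip()] = None if installer in ("", "null") else installer
    return result


def parse_a11y_packages(text):
    """Return the packages that own an enabled accessibility service."""
    text = text.strip()
    if not text or text == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in text.split(":") if comp}


def flag_suspects(packages_text, a11y_text):
    """Third-party apps not installed by a trusted store that also hold
    an enabled accessibility service, as (package, installer) pairs."""
    installers = parse_installers(packages_text)
    a11y = parse_a11y_packages(a11y_text)
    hits = [(pkg, inst) for pkg, inst in installers.items()
            if inst not in TRUSTED_INSTALLERS and pkg in a11y]
    return sorted(hits, key=lambda hit: hit[0])


if __name__ == "__main__":
    for pkg, inst in flag_suspects(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"review: {pkg} (installer={inst}) has an accessibility service enabled")
```

A hit is a prompt for manual review, not a verdict: legitimate sideloaded accessibility tools will match as well.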

The most reassuring thing is that this malicious app has never been available on Google Play, and the developers at Google are doing their best to prevent it from circumventing its security barriers.