Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

We must remain cautious and alert about the applications we install and download from outside the Play Store, since we could download an app carrying malware that infects our Android devices.

As soon as the user downloads this malicious app onto their device, the app contacts the Firebase server and begins controlling the device remotely. Additionally, security professionals have confirmed that this malicious app disguises itself as “System Update.”

This new “System Update” malware is surprisingly sophisticated. It tricks and infects users by displaying a notification that pretends to be a system update.

When the user clicks on the notification, the malware asks the user to install this new application, which will later ask for complete access to the device.

Once the user grants this access, the malware takes control of the device and gains access to everything listed below:

Messages in messenger apps.
It will also have access to the messenger database files if the device has root access.
Search history.
Browsing history in Chrome, Mozilla Firefox and Samsung Internet browser.
Several types of files like .pdf,.
Clipboard data.
Content of the notifications.
List of installed apps.
Images and videos.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage stats.

New Malware: “System Update”

Recently, cybersecurity researchers at Zimperium discovered a malicious app that can be downloaded outside Google Play (from third-party Android app stores).

How Does It Work?


The reassuring part is that this malicious app has never been available on Google Play, and Google's developers are doing their best to keep it from getting past the store's security barriers.

According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. The information it sends includes storage stats, ISP information, and installed apps.

Firebase is used only for communicating commands, while a separate C&C server is used to collect the other stolen data through POST requests. The malware collects data directly if it has root access; otherwise it uses the “Accessibility Services” feature on the compromised device.

Furthermore, to hide its malicious activity, it displays fake notifications about a search for updates when it receives new commands from its operators.