Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Once the user downloads this malicious app on their smartphone, the app contacts the Firebase server and the device can then be controlled remotely. Security specialists have verified that this malicious app disguises itself as “System Update.”

Cybersecurity researchers at Zimperium recently discovered a malicious app that can be downloaded outside of Google Play (from third-party Android app stores).

New Malware: “System Update”

We should always stay mindful and alert about the applications that we install and download from outside the Play Store, since we could download an app with malware that infects our Android devices.

Once the user grants access, the malware takes control of the device and gains access to all of the following:

Messages in messenger apps.
If the device is rooted, it also has access to the messenger database files.
Search history.
Browsing history in Chrome, Mozilla Firefox and the Samsung web browser.
Various types of files, such as .pdf.
Clipboard data.
Content of the notifications.
List of installed apps.
Videos and images.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage statistics.
Camera.

In this scenario, when the user clicks on the notification, the malware asks the user to install this new application, which later asks for complete access to the device.

This new “System Update” malware is remarkably sophisticated: it tricks and infects users by launching a notification that pretends to be a system update.

How Does It Work?

According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. The data that it sends includes storage stats, ISP details, and installed apps.

Firebase is used only for communicating commands, while a separate C&C server is used to collect the other stolen data using POST requests. The malware gathers data directly if it has root access; otherwise it uses the “Accessibility Services” function on the compromised device.

Moreover, to conceal its malicious activities, it displays fake notifications about searching for updates when it receives new commands from its operators.
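Because the app arrives from outside Google Play and relies on Accessibility Services when it has no root access, one triage check on a device is to list third-party apps that were not installed by Google Play and also own an enabled accessibility service. The following is an added example, not code from the report: it parses saved output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`. The sample data and package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
"""Flag sideloaded Android apps that own an enabled accessibility service."""
import re

# Assumption: only Google Play's installer package counts as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            # "null" means no installer was recorded (typical for sideloads).
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_accessibility(settings_output):
    """Return packages that own an enabled accessibility service."""
    value = settings_output.strip()
    if not value or value == "null":
        return set()
    # Entries look like package/ServiceClass, separated by ':'.
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def suspicious_packages(pm_output, settings_output):
    """Third-party packages with accessibility enabled and an untrusted installer."""
    installers = parse_installers(pm_output)
    enabled = parse_accessibility(settings_output)
    return sorted(
        pkg for pkg in enabled
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )

# Constructed sample output; package names are placeholders, not real indicators.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.game  installer=com.example.thirdparty.store
"""
SAMPLE_A11Y = (
    "com.example.fakeupdate/.UpdateService:"
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
)

if __name__ == "__main__":
    for pkg in suspicious_packages(SAMPLE_PM, SAMPLE_A11Y):
        print("review:", pkg)
```

A hit is a lead for manual review, not a verdict: legitimate sideloaded accessibility tools will match as well.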


The reassuring part is that this malicious app has never been available on Google Play, and the developers at Google are doing their best to prevent it from bypassing its security barriers.