Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Cybersecurity researchers at Zimperium recently discovered a malicious app that can be downloaded outside of Google Play, from third-party Android app stores.

We should always stay careful and alert with the applications that we download and install from outside the Play Store, since an app carrying malware could infect our Android devices.

This new “System Update” malware is remarkably sophisticated. It tricks and infects users by displaying a notification that pretends to be a system update.

Once the user grants access, the malware takes control of the device and gains access to everything listed below:

In this scenario, when the user clicks on the notification, the malware asks the user to install this new application, which will later ask for complete access to the device.

As soon as the user downloads this malicious app onto their device, the app contacts the Firebase server and starts controlling the device remotely. Moreover, the security researchers have confirmed that this malicious app displays itself as “System Update.”

Messages in messenger apps.
Messenger database files, if root access is available.
Search history.
Browsing history in Chrome, Mozilla Firefox and Samsung Internet Browser.
Various kinds of files, such as .pdf, .doc, .docx, and .xls, .xlsx.
Clipboard data.
Content of the notifications.
List of installed apps.
Images and videos.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage stats.
Camera.

New Malware: “System Update”

How Does It Work?

To hide its malicious activity, it displays fake notifications about searching for updates when it receives new commands from its operators.

According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. The information it sends includes storage stats, ISP information, and installed apps.

But the most reassuring thing here is that this malicious app has never been available on Google Play, and, beyond that, the developers at Google are trying their best to prevent it from circumventing its security walls.


Here, Firebase is used only for relaying commands, while a separate C&C server is used to collect the other stolen data via POST requests. The malware collects data directly if it has root access, or uses the “Accessibility Services” feature on the compromised device.