Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Once the user downloads this malicious app on their smart device, the app contacts the Firebase server and starts managing the device remotely. Furthermore, security specialists have confirmed that this malicious app disguises itself as “System Update.”

Recently, cybersecurity researchers at Zimperium discovered a malicious app that can be downloaded outside Google Play (from third-party Android app stores).

We should always stay alert and careful with the applications that we download and install from outside the Play Store, because we may download an app with malware that could infect our Android devices.

Once the user grants access, the app takes control of the device and gets access to everything listed below:

New Malware: “System Update”

This new “System Update” malware is remarkably sophisticated; it tricks and infects users by displaying a notification that pretends to be a system update.

In this scenario, when the user clicks on the notification, the malware asks the user to install this new application, which will later ask for full access to the device.

Messages in messenger apps.
It will also have access to the messenger database files if it has root rights.
Browsing history.
Browsing history in Chrome, Mozilla Firefox and the Samsung web browser.
Various types of files such as .pdf, .doc, .docx, .xls, and .xlsx.
Clipboard data.
Content of notifications.
List of installed apps.
Images and videos.
GPS location information.
SMS messages.
Call logs.
Audio recording.
Call recording.
Installed apps.
Device name.
Storage statistics.
Camera.

How Does It Work?

However, Firebase is used only for relaying commands, while a separate C&C server is used to collect other stolen data via POST requests. The malware collects data directly if it has root access; otherwise it uses the “Accessibility Services” feature on the compromised device.

Additionally, to conceal its malicious activity, it displays fake notifications about a search for updates when it receives new commands from its operators.

However, the most reassuring thing is that this malicious app has never been available on Google Play, and moreover, the developers at Google are doing their best to prevent it from bypassing Google Play's security barriers.

According to the report, the malware sends various information to its Firebase C&C server just after being installed on the device. The information that it sends includes storage stats, ISP information, and installed apps.
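A defender can look for the combination described above, an app installed from outside Google Play that holds an enabled accessibility service. The following is an added example, not code from Zimperium or the original article. The package names, the sample command output and the trusted-installer policy are constructed assumptions.

```python
import re

# Constructed samples (not captured from a real device) in the format printed by:
#   adb shell pm list packages -i
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.oemhelper  installer=null
"""
SAMPLE_A11Y = ("com.example.sysupdate/com.example.sysupdate.MainService:"
               "com.example.notes/.ReaderService:com.example.oemhelper/.Assist")

TRUSTED_INSTALLERS = {"com.android.vending"}   # Google Play (assumed policy)
PREINSTALLED = {"com.example.oemhelper"}        # e.g. from `pm list packages -s`


def parse_installers(text):
    """Map package name -> installer package, None when none is recorded."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found


def parse_a11y(value):
    """Packages that own an enabled accessibility service (pkg/class:pkg/class)."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def flag_sideloaded_a11y(pkg_text, a11y_value, preinstalled=frozenset()):
    """Return (package, installer) pairs to review: accessibility service
    enabled, not preinstalled, and not installed by a trusted store."""
    installers = parse_installers(pkg_text)
    return [(pkg, installers.get(pkg))
            for pkg in sorted(parse_a11y(a11y_value))
            if pkg not in preinstalled
            and installers.get(pkg) not in TRUSTED_INSTALLERS]


if __name__ == "__main__":
    for pkg, inst in flag_sideloaded_a11y(SAMPLE_PACKAGES, SAMPLE_A11Y, PREINSTALLED):
        print(f"review: {pkg} (installer={inst}) has an accessibility service enabled")
```

Preinstalled system apps also report no installer, which is why the check takes a separate allow-list for them instead of treating `installer=null` alone as suspicious.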