Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Messages in messenger apps.
It can also access the messenger database files if root access is available.
Browsing history.
Search history in Chrome, Mozilla Firefox and Samsung internet browser.
Various types of files such as .pdf, .doc, .docx, .xls and .xlsx.
Clipboard information.
Content of notifications.
List of installed apps.
Videos and images.
GPS location information.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage stats.
Video camera.

Recently, cybersecurity researchers at Zimperium found a malicious app that can be downloaded from outside Google Play (third-party Android app stores).

We must always remain cautious with the applications that we download and install from outside the Play Store, since an app carrying malware could infect our Android devices.

In this case, when the user clicks on the alert, the malware asks the user to install this new application, which later requests full access to the device.

Once the user grants that access, the app takes control of the device and gains access to all of the data and functions listed in this article.

Once the user installs this malicious app on their smartphone, the app contacts the Firebase server and the device begins to be controlled remotely. Additionally, the security experts have confirmed that this malicious app disguises itself as “System Update.”

New Malware: “System Update”

This new “System Update” malware is remarkably advanced, and it tricks and infects users by displaying an alert that pretends to be a system update.

How Does It Work?

To hide its malicious activity, it displays fake notifications about searching for updates whenever it receives new commands from its operators.

However, Firebase is used only for delivering commands, while a separate C&C server is used to collect the other stolen data via POST requests. The malware collects information directly if it has root access; otherwise it uses the “Accessibility Services” feature on the compromised device.

According to the report, the malware sends several pieces of information to its Firebase C&C server right after being installed on the device, including storage stats, ISP details, and installed apps.


The most reassuring point is that this malicious app has never been available on Google Play, and the developers at Google are doing their best to prevent it from bypassing Google Play's security defenses.