Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Cybersecurity researchers at Zimperium recently found a malicious app that can be downloaded outside of Google Play, from third-party Android app stores.

When the user clicks the notification, the malware asks the user to install this new application, which later asks for complete access to the device.

The new “System Update” malware is surprisingly advanced. It tricks and infects users by displaying an alert that pretends to be a system update.

New Malware: “System Update”

Once the user grants access, the malware takes control of the device and gains access to the following:

Messages in messenger apps.
Messenger database files, if root access is available.
Browsing history.
Search history in Chrome, Mozilla Firefox and Samsung Internet Browser.
Numerous types of files, such as .pdf.
Clipboard information.
Content of the notifications.
List of installed apps.
Images and Videos.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage data.
Video camera.

We need to stay alert about the applications that we download and install from outside the Play Store, because such an app may carry malware that infects our Android devices.

As soon as the user downloads this malicious app on their smartphone, the app contacts the Firebase server, and the device then comes under remote control. The security experts have verified that this malicious app presents itself as “System Update.”

How Does It Work?

The reassuring part is that this malicious app has never been available on Google Play, and the developers at Google are doing their best to prevent it from bypassing its security barriers.

Firebase is used only for communicating commands, while a separate C&C server is used to collect other stolen data via POST requests. The malware collects information directly if it has root access, or uses the “Accessibility Services” feature on the compromised device.

According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. The data it sends includes storage stats, ISP information, and installed apps.


Additionally, to hide its malicious activity, it displays fake notifications about searching for updates when it receives new commands from its operators.