Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

https://gbhackers.com/newly-discovered-system-update-android-malware-steals-photos-videos/

New Malware: “System Update”.

This brand-new “System Update” malware is surprisingly sophisticated, and it infects users by launching a notification that pretends to be a system upgrade.

We must constantly stay alert and cautious with the applications that we install and download from outside the Play Store, considering that we can download an app with malware that might infect our Android devices.

In this case, when the user clicks the notification, the malware asks the user to install this new application, which will later request full access to the device.

Once the user downloads this malicious app on their smartphone, the app contacts the Firebase server and begins controlling the device remotely. Moreover, the security professionals have confirmed that this malicious app displays itself as “System Update.”

Recently, the cybersecurity researchers at Zimperium discovered a malicious app that can be downloaded outside Google Play (from third-party Android app stores).

Once the user grants access, the malware takes over control of the device and gains access to everything listed below:

Messages in messenger apps.
It will also have access to the messenger database files if you have root rights.
Bookmarks.
Search history.
Browsing history in Chrome, Mozilla Firefox and Samsung browser.
Numerous types of files like .pdf,
Clipboard data.
Content of the notifications.
List of installed apps.
Videos and images.
GPS location data.
SMS messages.
Contacts.
Call logs.
Recording audio.
Recording phone calls.
Installed apps.
Device name.
Storage stats.
Camera.

How Does It Work?

Firebase is used only for communicating commands, while a separate C&C server is used to gather the other stolen data using POST requests. This malware collects data directly if it has root access or uses the “Accessibility Services” function on the compromised device.


The most reassuring thing here is that this malicious app has never been available on Google Play, and not only that, the developers at Google are also doing their best to prevent it from circumventing its security walls.

According to the report, the malware sends a range of data to its Firebase C&C server right after being installed on the device. The data that it sends includes storage statistics, ISP information, and installed apps.

Furthermore, to conceal its harmful activities, it displays fake notifications about searching for updates when it receives new commands from its operators.
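
For defenders, the traits described above (installed from outside Google Play, labelled “System Update”, relying on Accessibility Services, and reaching for SMS, audio, location and camera data) can be checked against a device's app inventory. The following Python code is an added example, not taken from the Zimperium report or the original article. It assumes the inventory was collected with `pm list packages -3 -i` and `settings get secure enabled_accessibility_services`; the labels and permissions maps, the package names and the permission threshold are hypothetical.

```python
# Added example: package names are hypothetical, thresholds are assumptions.
PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package
P = "android.permission."
# Permissions covering data categories from the article's list.
SENSITIVE = {P + n for n in ("READ_SMS", "READ_CONTACTS", "READ_CALL_LOG",
                             "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "CAMERA")}

def parse_installers(pm_output):
    """Parse `pm list packages -3 -i` lines: 'package:<name>  installer=<pkg>'."""
    result = {}
    for line in map(str.strip, pm_output.splitlines()):
        if line.startswith("package:"):
            name, _, installer = line[len("package:"):].partition("installer=")
            result[name.strip()] = installer.strip() or "null"
    return result

def parse_accessibility(setting):
    """Parse `settings get secure enabled_accessibility_services` output."""
    return {e.split("/", 1)[0] for e in setting.strip().split(":") if "/" in e}

def triage(installers, a11y_pkgs, labels, permissions):
    """Return {package: [reasons]} for sideloaded apps with a trait from the article."""
    findings = {}
    for pkg, installer in installers.items():
        if installer == PLAY_INSTALLER:
            continue  # the article says the app was never on Google Play
        reasons = []
        if pkg in a11y_pkgs:
            reasons.append("accessibility service enabled")
        if labels.get(pkg, "").strip().lower() == "system update":
            reasons.append("label imitates a system update")
        hits = SENSITIVE & permissions.get(pkg, set())
        if len(hits) >= 3:  # threshold is an assumption, tune for your fleet
            reasons.append("requests %d sensitive permissions" % len(hits))
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample input (not real device output).
SAMPLE_PM = ("package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.sysupdate  installer=null\n"
             "package:com.example.game  installer=null\n")
SAMPLE_A11Y = "com.example.sysupdate/.CoreService:com.example.reader/.ReaderService"
SAMPLE_LABELS = {"com.example.sysupdate": "System Update", "com.example.game": "Block Puzzle"}
SAMPLE_PERMS = {"com.example.sysupdate": {P + "READ_SMS", P + "RECORD_AUDIO", P + "CAMERA"},
                "com.example.game": {P + "INTERNET"}}
if __name__ == "__main__":
    print(triage(parse_installers(SAMPLE_PM), parse_accessibility(SAMPLE_A11Y),
                 SAMPLE_LABELS, SAMPLE_PERMS))
```

A sideloaded app with none of the other traits (the sample game) is not reported, so the output stays focused on apps that combine sideloading with at least one behaviour the article describes.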