Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Cybersecurity researchers at Zimperium recently found a malicious app that can be downloaded outside of Google Play, from third-party Android app stores.

Once the user grants access, the malware takes control of the device and gains access to all of the following:

Messages in messenger apps.
With root rights, it also has access to the messenger database files.
Browsing history.
Search history in Chrome, Mozilla Firefox and Samsung Internet Browser.
Files of numerous types, such as .pdf.
Clipboard data.
Content of notifications.
List of installed apps.
Videos and images.
GPS location data.
SMS messages.
Call logs.
Recording audio.
Recording calls.
Installing apps.
Device name.
Storage stats.

We should always stay careful and alert with the applications that we download and install from outside the Play Store, since an app carrying malware can infect our Android devices.

In this case, when the user clicks on the notification, the malware asks the user to install this new application, which will later request full access to the device.

Once the user downloads this malicious app on their mobile phone, the app contacts the Firebase server and begins managing the device remotely. The security professionals have verified that this malicious app presents itself as “System Update.”

This new “System Update” malware is remarkably advanced; it tricks and infects users by displaying a notification that pretends to be a system update.

New Malware: “System Update”

How Does It Work?

Here, the most reassuring thing is that this malicious app has never been available on Google Play, and beyond that, the designers at Google are doing their best to prevent it from circumventing its security walls.

However, Firebase is used only for conveying commands, while a separate C&C server is used to collect the other stolen data through POST requests. The malware collects data directly if it has root access, or uses the “Accessibility Services” function on the compromised device.


According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. This information includes storage statistics, ISP information, and installed apps.

Additionally, to hide its malicious activities, it displays fake notifications about a search for updates when it receives new commands from its operators.