Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

Messages in messenger apps.
It can also access the messenger database files if root access is available.
Browsing history.
Search history in Chrome, Mozilla Firefox and Samsung browser.
A number of types of files like .pdf,
Clipboard data.
Content of the notifications.
List of installed apps.
Images and Videos.
GPS location information.
SMS messages.
Call logs.
Recording audio.
Recording calls.
Installed apps.
Device name.
Storage statistics.
Video camera.

New Malware: “System Update”

As soon as the user downloads this malicious app to their phone, the app contacts the Firebase server and begins controlling the device remotely. The security researchers have confirmed that this malicious app presents itself as “System Update.”

We need to stay alert and careful with the applications that we download and install from outside the Play Store, since an app carrying malware could infect our Android devices.

Recently, cybersecurity researchers at Zimperium discovered a malicious app that can be downloaded outside of Google Play (from third-party Android app stores).

In this case, when the user taps the notification, the malware asks the user to install this new application, which will later ask for complete access to the device.

This new “System Update” malware is surprisingly advanced: it tricks and infects users by displaying a notification that pretends to be a system update.

Once the user grants access, it takes over control of the device and gains access to all of the items in the list at the top of this article.

How Does It Work?

Firebase is used only for relaying commands, while a separate C&C server is used to collect other stolen data using POST requests. The malware gathers data directly if it has root access, or uses the “Accessibility Services” feature on the compromised device.

Additionally, to conceal its malicious activity, it displays fake notifications about searching for updates when it receives new commands from its operators.

The reassuring part is that this malicious app has never been available on Google Play, and the developers at Google are doing their best to keep it from bypassing its security protections.


According to the report, the malware sends various information to its Firebase C&C server right after being installed on the device. The information it sends includes storage statistics, ISP details, and installed apps.