Android smartphones are reportedly facing threats from a new malware masquerading as a critical system update, researchers at mobile security firm Zimperium zLabs found.
The new ‘advanced’ malware is capable of stealing personal data inclined text messages, images, contacts etc.
The malware is even capable of taking full control of the Android smartphone, zLabs notes.
According to TechCrunch, the malware was found bundled in an app called “System Update” that had to be installed outside of Google Play, the app store for Android devices. Once installed by the user, the app hides and stealthily exfiltrates data from the victim’s device to the operator’s servers.
The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone’s cameras. The malware also tracks the victim’s location, searches for document files and grabs copied data from the device’s clipboard, TechCrunch said in a report.
Zimperium CEO Shridhar Mittal said the malware was likely part of a targeted attack.
“It’s easily the most sophisticated we’ve seen,” said Mittal. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible,” as quoted by TechCrunch.
Tricking someone into installing a malicious app is a simple but effective way to compromise a victim’s device. It’s why Android devices warn users not to install apps from outside of the app store. But many older devices don’t run the latest apps, forcing users to rely on older versions of their apps from bootleg app stores, TechCrunch said in the report.