Android malware hides as a system update to spy on users

Researchers have discovered a new, "sophisticated" Android spyware application that disguises itself as a software update. The malware masquerades as a system update application while secretly exfiltrating user and phone data, according to Zimperium zLabs, reports ZDNet.

Once the malware is installed on the victim's device, it registers the device with a command-and-control (C2) server, and a different C2 is used for managing data theft. The device would not be used for other purposes.

The team says that data exfiltration is triggered when a condition is met, such as a new contact being added, a new app being installed, or an SMS message being received.

The malware is a remote access Trojan (RAT) that can steal GPS information, SMS messages, contact lists and call logs, collect images and video files, record microphone-based audio, hijack the camera of a mobile device, review browser bookmarks and history, listen in on phone calls, and steal operational information about the phone, including storage data and the list of installed applications.

Instant messaging content is also at risk: the RAT abuses Accessibility Services to access these applications, such as WhatsApp.

The RAT also tries to steal files from external storage. However, given that some content, like videos, can be too big to steal, thumbnails are exfiltrated instead so that connectivity is not affected.

"If the victim uses Wi-Fi, all stolen data from all folders is forwarded to the C2, while if the victim uses a mobile data link, a certain data collection is only forwarded to C2."

This month, Google pulled several Android applications from the Play Store that contained a dropper for banking trojans. Utility applications, including a VPN service, a recorder, and a barcode scanner, were used to install mRAT and AlienBot.
