New malware for Android devices is released that, while presented as a system update, has extensive spyware capabilities, steals data from infected devices and is designed to be activated automatically whenever there is new information to export.
The new spyware can only be installed as a "System Update" application through third-party Android app stores, as it was never available in the Google Play Store.
This drastically limits the number of devices it can infect, as more experienced users are more likely to avoid installing programs from stores outside of Google. Malware also does not have a method of infecting other Android devices by restricting itself to one device.
However, if it manages to install it, it can collect and execute an extensive range of information on the command and control server. Zimperium researchers who located it, observed that "it stole data, messages, images and in the end took control of the Android phone".
"Once in control, hackers can record sounds and phone calls, take photos, check browser history, access WhatsApp messages and more."
Unlike other malware designed to steal massive data, new malware will only be activated when certain conditions are met, such as adding a new contact, new text messages, or new applications being installed. AThis means that it will only penetrate the most recent data, collecting location data created and photos taken at the last minute.
The malware will also display fake "Search for Update .." system update notifications when it receives new commands from its owners to cover its malicious activity.