New Android malware is out there that, while posing as a system update, has extensive spyware capabilities, steals data from the infected devices and is designed to automatically activate it whenever there is new information about export.
The new spyware can only be installed as a "System Update" application through third-party Android app stores, as it was never available in the Google Play Store.
This drastically limits the number of devices it can infect, as more experienced users are more likely to avoid installing programs from stores outside of Google. Malware also does not have a method of infecting other Android devices by restricting itself to one device.
However, if it manages to install it, it can collect and execute an extensive range of information on the command and control server. Zimperium researchers who located it, observed that "it stole data, messages, images and in the end took control of the Android phone".
"Μόλις αποκτήσουν τον έλεγχο, οι hackers μπορούν να γράψουν ήχους και τηλεφωνικές κλήσεις, να τραβήξουν φωτογραφίες, να ελέγξουν το ιστορικό του προγράμματος περιήγησης, να αποκτήσουν πρόσβαση σε μηνύματα WhatsApp και πολλά άλλα".
Unlike other malware designed to steal data in bulk, the new malware will only activate when certain conditions are met, such as accesscase new contact, new text messages or new apps being installed. AThis means that it will only penetrate the most recent data, collecting location data created and photos taken at the last minute.
Το κακόβουλο λογισμικό θα εμφανίζει επίσης ψεύτικες ειδοποιήσεις ενημέρωσης συστήματος "Αναζήτηση για ενημέρωση .." όταν λαμβάνει νέες commands by its owners to cover up its malicious activity.