It won’t be an exaggeration to say that our entire lives can be held in our palms, in that glass slab. All our private messages and conversations, personal details, photos, and videos are on our phones. What if someone were to look into our things? This is exactly what’s happening with another Android spyware in the cyberworld.

The scoop

Zimperium zLabs spotted a new, sophisticated Android malware that impersonates the System Update app to steal user and handset data, including texts, GPS data, call logs, contact lists, image and video files, and operational information, among others. In addition to this, when the victim is using WiFi, all the stolen folders are sent to the C2. However, when the victim is on a mobile connection, only selected data is sent to the C2. This is to ensure that users are unable to suspect that devices have been compromised.

Why does it matter?

This RAT abuses Accessibility Services to gain access to instant messenger apps. Moreover, if the victim device is rooted, the spyware can collect database records too. The RAT comes with advanced capabilities as its operators have set time controls to ensure only the most recent and relevant content is exfiltrated.

Relevant incidents

Lately, Android has had more than its fair share of malware. Here are a few incidents that are extremely worrisome.
  • Researchers discovered 70 fleeceware apps on the Google Play Store. These apps have been downloaded 500 million times, offering a profit margin of $38.5 million to their developers.
  • A group of attackers exploited 11 zero-day flaws in a nine-month-long campaign and targeted Android, iOS, and Windows.
  • Google threw out 10 apps, from the Play Store, that contained droppers for financial trojans.
  • The BlackRock trojan impersonated the non-existent Clubhouse app for Android in an attempt to deliver malware that would steal user login info.

The bottom line

Cyberattacks have become as common as rains or sunshine. The point is that people need to put more effort into safeguarding their phones from these latest batches of malware that don’t show any signs of slowing down.

Cyware Publisher