Security researchers discovered a powerful new Android malware masquerading as a critical system update that can take complete control of a victim's device and steal their data. The malware was found bundled in an app that had to be installed outside of Google Play.
Once installed by the user, the app hides and stealthily exfiltrates data from the victim's device to the operator's servers. Researchers at mobile security firm Zimperium, which discovered the malicious app, said once the victim installs the malicious app, the malware communicates with the operator's Firebase server, used to remotely control the device.
The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone's cameras.
The malware also tracks the victim's location, searches for document files and grabs copied data from the device's clipboard.
Zimperium CEO Shridhar Mittal said the malware was likely part of a targeted attack. "It's easily the most sophisticated we've seen. I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible", said Mittal.
