New Android malware disguises itself as a System Update

There is a new Android spyware in the wild that presents itself as a System Update, Zimperium zLabs has warned.

Once it is installed on your system, an unauthorised third party can spy on your data through a dedicated command-and-control (C2) server.

According to the team, the malicious script can be triggered if you receive an SMS message, add a new mobile contact, or install a new app.

The malware is classified as a Remote Access Trojan (RAT) and it can do the following:

  • Harvest videos and images
  • Eavesdrop on phone calls
  • Read SMS messages
  • View GPS data
  • Read call logs
  • Take photos and record audio coming through your microphone
  • Go through your bookmarks and browser history
  • See your contacts

Furthermore, messages and content exchanged through other messaging apps such as WhatsApp can be intercepted.

Those who have rooted their device are at risk of having their database records taken.

If you are using external storage, then the malware will also attempt to get to whatever files you are storing there.

The researchers noticed that it has the capacity to see what connection you are using and adjust its spying behaviour accordingly.

For instance, if you are using a mobile data connection, it will only look for a specific set of data, whereas if you are using Wi-Fi, you are at risk of having everything sent to the C2 server.

The purpose of this is to avoid detection for as long as possible and to operate in the background without raising too much suspicion.

Certain types of data, such as GPS records, are regularly stolen if the records contain values that are more than five minutes old.

In a similar fashion, any photo transfers are set to a 40-minute timer.

In addition, the malware attempts to delete any traces of its presence, including the archive files it creates.