Be wary of a recently discovered malware software that claims to upgrade your phone but is a massive spyware program that can harvest almost all of your data while simultaneously tracking your movements and online search history.
The Android software, dubbed System Update, was discovered by Zimperium researchers, who classified it as a Remote Access Trojan (RAT), a broad type of malware that enables a hacker to access and exploit your computer from afar.
This RAT is downloaded to aid you in keeping your computer up to date, but it instead transfers all of your data to a Command & Control server. Zimperium CEO Shridhar Mittal recently told TechCrunch that he believes the software is part of a “targeted attack.”
Mittal told the outlet, “It’s easily the most advanced [RAT] we’ve seen.” “I believe this app took a lot of time and resources to develop. We think there are similar applications out there, and we’re doing whatever we can to find them as quickly as possible.”
The vast amount of knowledge that this sly minor criminal is capable of stealing is frightening. It contains instant messaging messages and archive archives, call logs and phone contacts, Whatsapp messages and databases, photos and videos, all of your text messages, and information about pretty much everything else on your phone (it will inventory the rest of the apps on your phone, for instance).
The app will also map your GPS location (so it knows exactly where you are), take pictures using your phone’s camera, check your browser’s search history and bookmarks, and record audio using the phone’s microphone.
When the computer receives new information, the app’s surveillance features are enabled. The RAT is actively searching for “any operation of interest, such as a phone call, automatically recording the contact, compiling the modified call log, and then uploading the contents to the C&C server as an encrypted ZIP file” according to the researchers. After stealing your info, the app would delete all traces of its operation, making it challenging to figure out what it was up to.
Thankfully, this horrifying booby trap has never been released on Google Play, but it is available from a third-party store, according to researchers. Rogue applications like this are becoming a more significant issue for users, so it’s a brilliant idea to keep the number of apps on your devices to a minimum and do your diligence before installing, should your data fall into the hands of some dark web cretin.
RATs are a popular type of ransomware, and since they can be mounted on a victim’s computer in a variety of ways (email attachments,.torrent files, bad web links, etc. ), a smartphone app is a natural delivery point for a bad actor trying to infect a large number of devices and gain intimate access to their data.
The fact that this app isn’t available on Google’s Play Store shouldn’t give you much hope. Google hasn’t been very good at weeding out poor software from its website. According to a survey conducted last year, the Google Play Store was the “largest seller” of malware Android applications in general. This isn’t due to a shortage of security guardrails (though they aren’t adequate), but also to the reality that the store is so large that it’s likely to miss any bad apples somehow.
This has involved various alarming incidents, such as one published in 2014 in which a RAT posed as an app used by parents to monitor their children’s mobile devices. This year, another article revealed that the Google Play store was hosting a range of malware VPN applications that were simply surveillance trojans. (Google has since removed the applications.) So, in any case, you must be vigilant, and it never hurts to be picky about what you download and know who made the product you’re using.