Android Phones Are Being Targeted By Malware Masquerading As A System Update

in Popular STEM, 3 years ago

Researchers have discovered a new and aggressive malware strain that targets Android smartphones. Because this latest malware cleverly disguises itself as a system update, it is more dangerous than others.

According to a study by Zimperium researchers, this latest malware masquerades as a System Upgrade program, making it difficult to identify. It takes over Android phones once installed, stealing not only data but also messages and pictures, among other items.

According to the researchers, once in control, hackers can record audio and phone calls, take photos, steal instant messenger messages and database files, access WhatsApp messages, search for files with specific extensions, inspect clipboard data and the content of notifications, inspect the default browser's bookmarks and searches, list the installed applications, steal images and videos, and monitor device activity.

This malware is designed to work through a Firebase Command and Control (C&C) server after being downloaded from a non-Google third-party app store, and is named "update" or "refreshAllData." To improve its sense of legitimacy, the app contains feature details such as the presence of WhatsApp, battery percentage, storage statistics, type of Internet connection, and the Firebase messaging service token. The app infiltrates the affected device after the user selects to "update" the existing information. After dissemination, the C&C receives all relevant data, including the newly created Firebase token.

The dedicated C&C server gathers the stolen data using a POST request, while the Firebase communication sends the required commands. Adding a new contact, installing a new app through Android's contentObserver, or receiving a new SMS are all examples of events that cause the app to exfiltrate data.
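
A defender can triage a device for apps that fit this profile: not installed by Google Play, labelled like a system update, and requesting several of the permissions behind the capabilities listed above. The sketch below is an added example, not code from the research or the original post. The permission mapping, the threshold of three, and the sample inventory are assumptions, with `APPS` standing in for what `dumpsys package` reports per app.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs
# Assumption: permissions corresponding to capabilities the article lists.
RISKY = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "take photos",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "search files and media",
}
UPDATE_LABEL = re.compile(r"\b(system|software|os)\s+(update|upgrade)\b", re.I)

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def triage(apps, installers):
    """Flag off-Play apps labelled as updaters that request 3+ risky permissions."""
    flagged = {}
    for pkg, info in apps.items():
        risky = sorted(RISKY[p] for p in info["permissions"] if p in RISKY)
        off_play = installers.get(pkg) != PLAY_STORE
        if off_play and UPDATE_LABEL.search(info["label"]) and len(risky) >= 3:
            flagged[pkg] = [f"installer={installers.get(pkg)}"] + risky
    return flagged

# Constructed sample data; package names and the store name are hypothetical.
PM_OUTPUT = """\
package:com.example.chat  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.notes  installer=org.example.altstore
"""
APPS = {
    "com.example.chat": {"label": "Chat", "permissions": [
        "android.permission.CAMERA", "android.permission.RECORD_AUDIO"]},
    "com.example.sysupdate": {"label": "System Update", "permissions": [
        "android.permission.RECORD_AUDIO", "android.permission.READ_SMS",
        "android.permission.READ_CONTACTS", "android.permission.CAMERA"]},
    "com.example.notes": {"label": "Notes", "permissions": ["android.permission.CAMERA"]},
}

if __name__ == "__main__":
    for pkg, reasons in triage(APPS, parse_installers(PM_OUTPUT)).items():
        print(pkg, "->", "; ".join(reasons))
```

Preinstalled system apps also report no installer, so a hit is a lead to examine rather than a verdict.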

This is a Cross Post. Main Post Link

All of the information above is collected from different articles, including this, this and this source.

Thanks For Your Attention

Thanks for the heads up. Just to be clear, are you saying that the only way to get it is that it must be downloaded from a non-Google third-party app store?

As per the research, I think so.

Applications from Google’s App Stores are very much safe & verified.

Thanks. That's a relief. Do you know if there is a way to make sure a third party app download is safe before downloading it?
