A dangerous new type of spyware has been identified by researchers that poses a threat to millions of Android smartphone users. A security company warned users of this virus in a blog post. The company reported on the new “advanced” campaign that disguises the malware as an Android System Update to trigger an infection.
Stating that Android System Update may actually be malicious software, the security company states that Android users should think twice before using third-party app stores.
Malware disguised as Android System Update
According to the company, when a device is infected, the spyware can record phone calls, take photos, access messages, and much more. Also, all collected data can then be removed from the Android device via a dedicated command and control (C&C) server.
The new type of spyware emphasizes that Android System Update is designed to detect specific events and actions before collecting data, unlike other forms of malware that gathers information indiscriminately.
When the spyware detects that a phone call is taking place, for example, the conversation is recorded and can upload an encrypted ZIP file to the C&C server. At the point of malware, the security company says there are other signs that operators are “extremely concerned about the up-to-dateness of the data.”
The security company also explains that spyware will not use data collected before a certain period of time. The company expresses this issue as follows; “For example, location data is collected from GPS or the network (whichever is newer), and if this last value is more than five minutes in the past, it decides to recollect and store location data.”
Finally, it is stated that the malware is scheduled to delete additional files it creates on the device immediately as soon as they are successfully installed, in order to avoid detection.