Zimperium, a privately owned mobile security company based in the US, has warned Android users about installing an app called “System Update”. According to the company, an App is a form of malware capable of stealing wealth of personal and sensitive information from their phones or tablets.
If you just search for the name of the app on any search engine, it pops-up in the third-party Android app stores. It even has a convincing-looking Google logo like an icon but is not found on the Play Store.
According to the information posted by Zimperium, once the app is installed, it allegedly starts communicating with its maker’s command and control (C&C) server via the Firebase system, sending it information on subjects such as how its new host connects to the internet, its battery stats and whether WhatsApp is installed or not.
The company reported that the app contains a form of malware called a Remote Access Trojan or RAT, and may thus be capable of sending all kinds of user data back to its C&C server. The data sent back to the home-server may include messages from apps such as WhatsApp or those sent via SMS; recorded phone-calls; GPS-derived location info; browser search histories and even the contents of clipboards or notifications.
And thus, the app makes it possible for the attackers to gain access to every info on the owner’s device. Zimperium also notes that RATs are also capable of periodically activating a phone’s cameras (front- or rear-facing) and mics for further spying potential. So, android users are extremely careful while side-loading apps in your smartphone.
