
This new Android malware is so devious

Published Mar 29th, 2021 5:47PM EDT


Security researchers have found a new example of Android malware that is almost as devious as it gets, in terms of the way that it tries to fool unsuspecting users.

Zimperium zLabs researchers found what they describe as a “sophisticated new malicious app” targeting Android users that disguises itself as a System Update. Moreover, this application is able to completely take over a victim’s phone, stealing data, messages, and images. Once the app takes over a targeted phone, “hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more,” according to a blog post from the researchers that explains what they found.

“The mobile application poses a threat to Android devices by functioning as a Remote Access Trojan (RAT) that receives and executes commands to collect and exfiltrate a wide range of data and perform a wide range of malicious actions,” the researchers’ blog post continues. Those actions also include:

  • Stealing instant messenger messages and database files;
  • Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
  • Searching for files with specific extensions (including .pdf, .doc, .docx, .xls, and .xlsx);
  • Inspecting the clipboard data and the content of notifications;
  • Recording audio and phone calls;
  • Periodically taking pictures (either through the front or back cameras);
  • Monitoring the GPS location;
  • And stealing SMS messages, phone contacts, and call logs.

As if all that wasn’t bad enough, this particular application is also able to conceal its presence from the victim by hiding the icon from the device’s menu or app drawer.

Zimperium CEO Shridhar Mittal told one news outlet that this malware seems like it was part of a targeted attack. “It’s easily the most sophisticated we’ve seen,” Mittal said. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

Zimperium says that this malware’s functionality and data exfiltration are triggered under conditions that include a new contact being added to the device, a new SMS text being received, or a new application installed “by making use of Android’s contentObserver and Broadcast receivers.”
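For defenders triaging a sideloaded APK, the combination described above (broad data collection, event-driven triggers, and no app-drawer icon) can be checked against a decoded AndroidManifest.xml. The sketch below is an added example, not code from Zimperium or from the app itself; the sample manifests are constructed, and the scoring threshold and the mapping of permissions to the listed behaviors are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Real Android permission names, mapped to the behaviours listed in the article.
BEHAVIOUR_PERMS = {
    "android.permission.READ_SMS": "SMS theft",
    "android.permission.READ_CONTACTS": "contact theft",
    "android.permission.READ_CALL_LOG": "call-log theft",
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.CAMERA": "periodic photos",
    "android.permission.ACCESS_FINE_LOCATION": "GPS monitoring",
}
# Real broadcast actions, mapped to two of the triggers the article names.
TRIGGER_ACTIONS = {
    "android.provider.Telephony.SMS_RECEIVED": "new SMS received",
    "android.intent.action.PACKAGE_ADDED": "new application installed",
}
LAUNCHER = "android.intent.category.LAUNCHER"

def triage(manifest_xml):
    """Summarise which article-listed capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    actions = {a.get(NS + "name") for r in root.iter("receiver") for a in r.iter("action")}
    icon = any(c.get(NS + "name") == LAUNCHER
               for tag in ("activity", "activity-alias")
               for act in root.iter(tag) for c in act.iter("category"))
    return {"behaviours": sorted(v for k, v in BEHAVIOUR_PERMS.items() if k in perms),
            "triggers": sorted(v for k, v in TRIGGER_ACTIONS.items() if k in actions),
            "no_launcher_icon": not icon}

def is_suspicious(report, min_behaviours=4):
    """Heuristic (threshold is an assumption): broad collection + event trigger + hidden icon."""
    return (len(report["behaviours"]) >= min_behaviours
            and bool(report["triggers"]) and report["no_launcher_icon"])

def _manifest(perms, actions, launcher):
    """Build a constructed sample manifest (not taken from any real app)."""
    p = "".join(f'<uses-permission android:name="android.permission.{x}"/>' for x in perms)
    a = "".join(f'<action android:name="{x}"/>' for x in actions)
    cat = f'<category android:name="{LAUNCHER}"/>' if launcher else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android">{p}'
            f'<application><activity android:name=".Main"><intent-filter>{cat}</intent-filter>'
            f'</activity><receiver android:name=".R"><intent-filter>{a}</intent-filter>'
            f'</receiver></application></manifest>')

SAMPLE_RAT = _manifest(["READ_SMS", "READ_CONTACTS", "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION"],
                       list(TRIGGER_ACTIONS), launcher=False)
SAMPLE_CAMERA_APP = _manifest(["CAMERA", "RECORD_AUDIO"], [], launcher=True)
```

A manifest-only check misses anything registered at runtime: ContentObserver registrations (the new-contact trigger) and icon hiding done by disabling a component after install only show up in the app's code or behavior, so a clean result here is not a clearance.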

Here’s the good news about this malware: It’s not coming from the official Google Play Store. Zimperium confirmed with Google that this app is not and has never been available on Google Play, which means users are unwittingly downloading this to their device when they visit unofficial third-party application stores — a huge mobile security no-no. So make sure you’re getting your apps from Google’s official store, and you should be safe.

Andy Meek Trending News Editor
