Security researchers at the Zimperium warn of a special type of Android spyware that disguises itself as a system update capable of taking control of the device and access all of our data.
According to the announcement, the researchers found the Trojan, which has full access to the device, via its own malware engine on a device that uses it. The main issue is that the malware camouflaged as a system update, so some users might run it believing that it is a series of improvements for their mobile.
In evaluating the capabilities of the malware, the team describes them as very extensive. The malware is able to steal messages from instant messengers as well as their database if there is root access. Bookmarks and the browser history can also be examined, along with the file system. In the latter case, the Trojan then specifically searches for important files.
In addition, the malware regularly takes photos with the cameras of the phone and is able to record calls resulting in a serious user privacy breach.
Google confirmed to Zimperium that the Trojan app was never distributed via the Play Store so that it has to infect devices via other means.
As mentioned, Zimperium highlights the special features of the malware that the app only pretends to be a system update; an icon or something similar is hidden in the app menu. Unsuspecting users could easily be deceived about the true function of the Trojan.
