Researchers have identified a dangerous new type of spyware that threatens millions of Android smartphone users. A security company warned users about this virus in a blog post. The company reported on the new ‘advanced’ campaign disguising the malware as an Android system update to cause an infection.
The security company states that Android system update is potentially malicious software and states that Android users should think twice before using third-party app stores.
Malware disguised as an Android system update
According to the company, when a device is infected, the spyware can record phone calls, take photos, access messages, and much more. Also, all collected data can then be deleted from the Android device via a special command and control (C&C) server.
The new type of spyware emphasizes that Android System Update is designed to detect specific events and actions before collecting data, unlike other forms of malware that randomly collect information.
For example, when the spyware detects that a phone call is taking place, the call is recorded and an encrypted ZIP file can be uploaded to the C&C server. On the issue of malware, the security firm says there are other signs that operators are “very concerned about the timeliness of the data.”
The security company also explains that spyware does not use data collected before a certain period of time. The company articulates this issue as follows; “For example, location data is collected via GPS or the network (whichever is newer), and if this last value is more than five minutes in the past, it decides to retrieve and store location data.”
Finally, it is mentioned that the malware is planned to immediately delete additional files it creates on the device once they are installed successfully, in order to avoid detection.