We have learned by now that hackers won’t stop at anything to find a way to access your data. They enter into a battle with app developers and app stores to try and stay one step ahead of the other. A new tactic is hidden in the Android app “System Update.” It’s no update – it’s malware that is secretly stealing your data.
Discovery of System Update – a RAT
Mobile security firm Zimperium researchers discovered what they believe is a Remote Access Trojan (RAT). This type of malware allows hackers to get access to your device.
Android app System Update pledges to keep your Android device loaded with the latest software versions. Secretly, however, the app steals your data and sends it to a command center.
Zimperium CEO Shridhar Mittal believes “System Update” is tied into a” targeted attack.”
“It’s easily the most sophisticated (RAT) we’ve seen,” he said in an interview. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”
It seems nothing is safe with System Update. It can steal messages, database files, call logs, phone contacts, pictures, videos, and more. Other than stealing your data, the app can also control your device. It can take pictures with your camera, record audio with your mic, gather your browser history, and even monitor your location data.
When your Android device receives information, the System Update springs into action. The Zimperium researchers said the app is always watching for “any activity of interest, such as a phone call, to immediately record the conversation, collect the updated call log, and then upload the contents to the C&C server as an encrypted ZIP file.”
After accessing your device, the app hides evidence of what it has done, so you’ll never know you’re being compromised in this way.
Not Available on Google Play Store
Google Play Store is in the clear this time. You won’t find this Android app, System Update, there. You’ll find it in a third-party store. While Google doesn’t always keep dangerous apps off the Play Store, it did this time. It’s still better to stick with it rather than go rogue and third party.
It just shows why you always need to be on your toes with all devices that connect to the Internet in some way. Whether it’s your PC, smartphone, security camera, smart speaker, etc., if it connects, it’s capable of connecting to bad actors.
This also holds regardless of the platform you’re on – whether it’s Android, iOS, Windows, Mac, Linux, etc., you can’t let your guard down. That the actors are disguising a RAT as an Android app and system update should be worrisome to all.
Read on to learn about a malware that was found in videoconferencing software last fall.