March 30, 2021

Researchers have discovered a very advanced piece of Android malware that finds sensitive information on infected devices and sends it to servers controlled by attackers.

The app disguises itself as a system update that must be downloaded from a third-party store. This malware features a fully featured spying platform that carries out a wide range of suspicious and malicious activities. Security firm Zimperium reported that these include:

<li>Theft of instant messenger messages and database files, especially WhatsApp</li><li>Inspection of bookmarks and searches in the default Google Chrome, Mozilla Firefox and Samsung Internet browsers</li><li>Look for files with specific extensions such as. pdf,. doc,. docx, and. xls,. xlsx</li><li>Checking the data in the clipboard and the content of the notifications</li><li>Recording of audio and telephone calls</li><li>Regular shots through the front or rear cameras</li><li>List of installed applications</li><li>Theft of pictures and videos</li><li>Monitoring of the GPS position</li><li>Theft of SMS messages, telephone contacts and call logs</li><li>Exfiltration of device information such as installed applications, device name, memory statistics</li><li>Hide its presence by hiding the icon in the drawer/menu of the device</li>

Most experienced people will not fall victim to this malware, as it is only installed when you make obviously risky decisions, such as downloading third-party software and activating access services.

For more information, you can see the original article in Ars Technica.