Security researchers claim there's a powerful new Android malware that—masquerading as a critical system update—can take complete control of a victim's device and steal their data.
In a report by TechCrunch, researchers at mobile security firm Zimperium, which discovered the malicious app, said the malware was found bundled in an app called 'System Update' that had to be installed outside of Google Play. Once the victim installs the malicious app, the malware communicates with the operator's Firebase server, used to remotely control the device.
The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone's cameras. The malware also tracks the victim's location, searches for document files and grabs copied data from the device's clipboard.
The malware hides from the victim and tries to evade capture by reducing how much network data it consumes by uploading thumbnails to the attacker's servers rather than the full image. The malware also captures the most up-to-date data, including location and photos.
Zimperium CEO Shridhar Mittal said the malware was likely part of a targeted attack, stating "It's easily the most sophisticated we've seen,".
He also confirmed the malicious app was never installed on Google Play.