The Android security firm Zimperium has recently reported that a new malicious app that enables cybercriminals to steal data has been discovered on many phones. The app displays a fake notification claiming to update the phone, but it is actually a sophisticated spyware application that can access all of the user's information, including online activity and search history.
Zimperium CEO Shridhar Mittal stated that the malware was possibly part of a targeted attack. “It’s easily the most sophisticated we’ve seen,” said Mittal. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”
Applications such as WhatsApp are unprotected against this spyware when the device is rooted. The spyware cannot operate on more recent versions of Android, but on outdated versions the app may be able to establish root access on its own.
The malware is a Remote Access Trojan (RAT) that can steal GPS data, SMS messages, contact lists, and call logs; harvest images and video files; covertly record microphone-based audio; hijack a mobile device’s camera to take photos; review browser bookmarks and histories; tap into phone calls; and steal operational data on a handset, including storage statistics and lists of already downloaded applications.
The RAT can also try to steal data from external storage. However, because some content, such as videos, can be too large to steal without affecting connectivity, only thumbnails are exfiltrated.
In addition, the researcher’s note states that when the target is using Wi-Fi, all the stolen data from all the folders is transferred to the C2, whereas when the victim is using the device on a mobile data connection, only a particular set of data is transferred to the C2.