"This Android Malware Hides as a System Update App to Spy on You"
Researchers at Zimperium zLabs have discovered new Android malware disguised as a System Update application. The researchers detected the sample app on a third-party repository, not the official Google Play Store. Once the spyware app is installed, the victim's device is registered with a Firebase command-and-control (C2) server, which issues commands, while a separate C2 server manages data theft. Data exfiltration is triggered when a certain condition, such as the installation of a new app, is met. According to the team, the malware is a Remote Access Trojan (RAT) capable of stealing GPS data, SMS messages, call logs, contact lists, images, and video files. It can also steal operational information such as storage statistics and lists of applications installed on the device. The RAT can also take over a mobile device's camera to take photos, secretly record audio through the microphone, review browser histories, and eavesdrop on phone conversations. Zimperium researchers say the malware is part of an advanced spyware campaign with complex capabilities. This article continues to discuss the distribution and capabilities of the new advanced Android malware, and Google's recent removal of Android apps from the Play Store that carried a dropper for banking Trojans.
ZDNet reports "This Android Malware Hides as a System Update App to Spy on You"