The program collects messages, contacts, and other data.
Researchers from the American mobile device security company Zimperium have discovered malware for Android masquerading as an important system update.
The software is bundled with an application called System Update, which you need to install from outside the app store. After installation, it communicates with the Firebase server, which is used for remote control of the device, and begins to imperceptibly forward data from the victim’s device to the servers.
The program can steal messages, contacts, device information, browser bookmarks and search history, record calls and sound from the microphone, and take photos using your phone’s cameras. It also tracks your location, searches for document files, and grabs copied data from your device’s clipboard.
According to the researchers, the program hides from the owner of the device, reducing the amount of network data consumed and uploading to the attackers ‘ servers not full images, but only their thumbnails.
Tricking someone into installing a malicious app is a simple but effective way to hack into a device, writes TechCrunch. Therefore, Android devices warn users not to install apps from outside the app store.