Fake Android update app infects thousands of smartphones

A recent investigation details the detection of a new method of infection for Android devices based on the use of malware that threat actors disguise as a critical update on the system. Successful infections would allow hackers to take full control of the affected device and even steal sensitive information.

Reports indicate that the malware was detected in the code of an app called “System Update”, which was distributed for download and installation outside of Google’s official platforms, including the Play Store. If users fell into the trap and installed this “update”, the malicious code would hide its icon and begin extracting information from the device and sending it to the attackers’ servers without the user noticing.

The report, prepared by security firm Zimperium, mentions that once installation completes, the malware establishes communication with the hackers’ Firebase server, which is used to remotely control the compromised smartphone.

Among the capabilities of this malware are theft of messages and contact lists, collection of details about the infected device, browser preferences and search history, phone call recording and capture of screenshots. This malware could also extract the user’s location details and copy documents in various formats. To make it harder to notice and uninstall, the malware keeps a low profile by limiting the amount of network data it consumes, as well as hiding its icon on the victim’s screen.

According to Shridhar Mittal, director of Zimperium, this malware could be part of a malicious campaign targeting specific users, as well as pointing out the complexity of the attack: “It’s one of the most sophisticated attacks we’ve found; operators devoted significant resources to this operation and it is highly possible that they have created other similar applications that we should detect as soon as possible.”

Moreover, Zimperium mentions that it is relatively easy to trick a user into installing the malicious app on their device: it is enough to redirect potential victims to websites of dubious reputation that nonetheless look appealing. The main recommendation to prevent these infections is not to install apps hosted on non-Google platforms, and to keep installed apps updated to the latest version, which helps protect the user against the latest trends in mobile hacking.

A subsequent Google report also confirmed that this app was never available on its official platforms, so infected users must have downloaded it from an illegitimate source. It should be remembered that in the past other malicious apps have managed to sneak into the Google Play Store, so it is necessary to take every precaution before installing a new app on our devices.