Dangerous Android App Pretends to Be a System Update to Steal Your Data

Dangerous Android App Pretends to Be a System Update to Steal Your Data
Photo: Drew Angerer, Getty Images

Beware a newly discovered malicious app that pretends to update your phone but, in reality, is just a giant spyware application that can steal pretty much all your data while also monitoring your movements and online search history.

Simply called System Update, the Android app was discovered by researchers with mobile security firm Zimperium, who have classified it as a Remote Access Trojan (RAT) — a broad category of malware that typically allows a hacker to access and manipulate your device from afar.

This particular RAT is downloaded with the promise of helping you keep your device up to date but, instead, sends all your information back to a Command & Control server. Shridhar Mittal, Zimperium CEO, recently told TechCrunch that he thinks the app is part of a “targeted attack.”

“It’s easily the most sophisticated [RAT] we’ve seen,” Mittal told the outlet. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance).

The app can also monitor your GPS location (so it knows exactly where you are) hijack your phone’s camera to take pictures, review your browser’s search history and bookmarks, and turn on the phone mic to record audio.

The app’s spying capabilities are triggered whenever the device receives new information. Researchers write that the RAT is constantly on the lookout for “any activity of interest, such as a phone call, to immediately record the conversation, collect the updated call log, and then upload the contents to the C&C server as an encrypted ZIP file.” After thieving your data, the app will subsequently erase evidence of its own activity, hiding what it has been doing.

Thankfully, this hellish booby trap has never been offered on Google Play store, though it is available via a third-party store, researchers write. Rogue apps like this are becoming a bigger and bigger problem for consumers, so it’s a great idea to limit the number of apps you have on your phone and to do your homework before you download — lest your data fall into the hands of some dark web cretin.