New Android malware poses as “System Update” to steal your data

The malware is also capable of controlling the device’s front and back camera to take photos periodically.

IT security researchers at Zimperium have discovered an Android malware capable of stealing sensitive data from infected devices and transferring it to servers controlled by the attackers.

The malware is disguised in an app called “System Update” that has to be downloaded from a third-party store. It is a remote-access Trojan that receives and executes commands from a C&C server and offers a feature-rich espionage platform.

Spyware Can Take Full Control of the Device

This newly discovered malware is so powerful that it can take complete control of the infected device and steal all data types. After the user installs the malicious app, it hides and exfiltrates data stealthily to the attacker-controlled servers.

According to Zimperium researchers, the malware communicates with the attackers’ Firebase server through which the malware operators control the device remotely.

What kind of Data is under Threat?

The spyware can steal various sensitive data, including:

SMS Messages
Search history
Images and videos
Browser bookmarks
Contact information
Device location (tracking)
Instant messenger messages
Recordings of the microphone’s ambient sound and calls
Pictures taken with the device’s back and front cameras
Data from the device’s clipboard, and document files it searches for
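
A defender-side triage for the traits described above (a sideloaded app, a system-like name, and a broad set of surveillance permissions). This is an added example, not code from Zimperium or the original article. The inventory record layout, the thresholds, and all sample values are assumptions.

```python
# Added example: triage an app inventory for sideloaded apps that pose as
# system components and request a surveillance-grade permission set.
# The record layout and every sample value below are constructed.

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for your MDM

# Android permissions that map to the capabilities listed above.
SURVEILLANCE_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
}
SYSTEM_LOOKING = ("system", "update", "settings", "service")  # assumed word list


def triage(app):
    """Return (score, reasons) for one inventory record."""
    reasons = []
    if not app.get("system_app") and app.get("installer") not in TRUSTED_INSTALLERS:
        reasons.append("sideloaded (installer=%s)" % app.get("installer"))
    label = app.get("label", "").lower()
    if not app.get("system_app") and any(w in label for w in SYSTEM_LOOKING):
        reasons.append("user-installed app with system-like label")
    hits = SURVEILLANCE_PERMS & set(app.get("permissions", []))
    if len(hits) >= 4:  # assumed threshold
        reasons.append("requests %d of %d surveillance permissions"
                       % (len(hits), len(SURVEILLANCE_PERMS)))
    return len(reasons), reasons


def flag(inventory, threshold=2):
    """Return (package, reasons) for records with at least `threshold` findings."""
    return [(a["package"], triage(a)[1]) for a in inventory if triage(a)[0] >= threshold]


SAMPLE = [  # constructed records, placeholder package names
    {"package": "com.example.notes", "label": "Notes", "installer": "com.android.vending",
     "system_app": False, "permissions": ["android.permission.READ_EXTERNAL_STORAGE"]},
    {"package": "com.example.placeholder.update", "label": "System Update", "installer": None,
     "system_app": False, "permissions": sorted(SURVEILLANCE_PERMS)},
    {"package": "com.example.oem.updater", "label": "System Update", "installer": None,
     "system_app": True, "permissions": ["android.permission.ACCESS_FINE_LOCATION"]},
]

if __name__ == "__main__":
    for pkg, reasons in flag(SAMPLE):
        print(pkg, "->", "; ".join(reasons))
```
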

How Does It Evade Detection?

The malware evades detection by the victim by reducing the network data it consumes. It achieves this by uploading thumbnails to its operators’ servers instead of the full image. It can also capture the