A new Android malware could steal all your information and leave you vulnerable to massive espionage. Security experts from the Zimperium firm discovered a malicious application that pretends to be a system update to infect your mobile device.

The app is called System Update and works like a remote access trojan (RAT) that give control of your smartphone to a third party. Although this application is not found on Google Play, thousands (or millions) of users who download apps from external stores could be infected.

Once installed, System Update will have access to your files, text and WhatsApp messages, call history, and more. Perhaps the most dangerous thing is that malware can record audio, take pictures with the front camera and rear, as well as monitoring your location through GPS.

The application communicates with an attacker’s Firebase server, granting him remote control. All the data extracted from mobile, including photos that you may capture periodically, are sent to the server. All the information collected by this application will be hosted in a folder on your mobile before being transferred.

Malware masquerades as an Android system update

Image (c) Zimperium

Malware remains alert at all times and as soon as you make a call it will activate a command to record the conversation to later send it encrypted to the attacker. To capture WhatsApp messages, the app abuses the mobile’s Accessibility services by registering the content seen on the screen.

The latter requires an additional step, although the same malware will suggest that you enable the accessibility options required to steal your information. To avoid suspicion of data consumption, some files – such as photographs – are sent in a reduced size or in parts. The application it will wait for you to connect to the Wi-Fi for it to send the packets en masse the attacker.

In addition to personal information, malware you can create a profile with your phone data such as the name and model of the device. According to security researchers, the app is based on 112 known models from Samsung, OnePlus, and even the old Google Nexus.

The best way to protect yourself is do not download applications of dubious origin. The installation of apps from third-party stores is an option that must be enabled in the mobile settings. In recent years, Google has implemented alerts so that consumers are aware of the danger they are in.

Although the most experienced already recognize the sites where reliable apps can be downloaded, it never hurts to disable the option every time you install something outside the Play Store.

