New Android Spyware Disguised as System Update Records Calls

Researchers have discovered a sophisticated piece of malware targeting users of the Android mobile operating system. This malicious software is capable of extracting various types of information and spying on victims by recording audio and logging phone calls.

The Android malware was identified by experts at Zimperium. They warn users about the clever disguise used by the malware—it poses as a System Update app. Once installed on a device, the program collects data about the operating system, messages, media files, and can even record audio using the built-in microphone or take photos of the victim’s surroundings. In addition, the malware can access WhatsApp conversations and browser history.

“Our investigation showed that this malware is part of a well-organized cyber-espionage campaign. Essentially, it functions as a remote access trojan (RAT),” Zimperium experts wrote in their report.

After discussing the new cyber threat with Google, researchers concluded that it has never been found in the official Google Play Store. This significantly reduces the risk for regular users to be infected by this advanced malware.

The trojan communicates with its command and control (C2) center via the Firebase messaging service. The C2 can instruct the malware to record audio from the microphone or send collected data from the device.