As security researchers at Zimperium write, the developers simply called the malicious application “System Update”. The app also uses the official logo of the search engine group Google as an icon. The name and the symbol also appear in the notification menu, so that the user could mistake the notification for information from the system. The app pretends to be actively looking for updates.
A new, malicious Android application poses as an update process from Google
Anyone who gets their apps exclusively from the official Google Play Store should not be affected by the malicious application. The spyware is only distributed through third party sources. In addition, the app has no way of independently infecting other devices.
The app accesses almost all user data
The malware is a remote access Trojan that can access a large amount of information from the user’s smartphone and forward it to a command server. The hackers have the option to record calls and intercept messages. The app also collects browser history, photos and other data. The command server can order an infected device to activate the camera and microphone.
Since the size of the data packets sent is limited, the malware is difficult to detect. However, the real update services will not show any notification that updates are currently being checked. Instead, the user is only informed if the system has already found a new update.