The app is called “System Update” and uses the official Google logo. When the app receives new commands from the cybercriminals’ control server, it shows the user a notification with “Searching for Update …”
The app steals and transfers data from the user, including photos and the phone book. It can record phone calls, listen to the user through the microphone, take photos, access the browser history and access WhatsApp messages. Because the transmitted data packets are relatively small for spyware, it is difficult to detect.
According to Zimperium, this app can only be found in unofficial app stores. Users are lured there by manipulated websites and asked to install the app in order to protect their smartphone against malware through the updates. Google has confirmed to Zimperium that the app is not in the official Play Store and has never been in it.