The malware is extremely powerful, capable of stealing all data stored on your device, including your messages, photos, browser history, WhatsApp messages, and more. It is even capable of taking full control over the infected Android device.
The Malware Disguises Itself as a “System Update”
Zimperium zLabs researchers discovered the “System Update” malware, which can act as a Remote Access Trojan (RAT). This means the malware can receive and execute commands from a remote server and exfiltrate data stored on your device. It can also track your device location and secretly record audio or phone calls.
The malware is very complicated and sophisticated. Upon infiltrating an Android device, it starts looking for any activity of interest, such as phone calls, which it will automatically record and upload to a server as an encrypted ZIP file. The file is deleted immediately once the upload is complete so as not to leave any traces.
A fake Clubhouse Android app was also discovered recently, stealing thousands of user credentials.
The “System Update” malware uses social engineering to gain access to the Accessibility Services permission on the infiltrated Android device. This allows it to read and collect WhatsApp messages by screen scraping.
On rooted Android devices, the malware can steal the WhatsApp database files. It also actively steals clipboard data.
The malware disguises itself by showing a “System Update” notification that looks very similar to how an update notification from Google would look on an Android device.
Google Play Apps Were Not Infected by This Malware
zLabs confirmed with Google that the “System Update” malware was never available as a part of any app on the Google Play Store. It was primarily bundled with apps outside of the Play Store. So, unless you regularly sideload apps from third-party and unknown sources, you don’t have anything to worry about.
The malware seems to have been created with a targeted attack in mind, given its complicated and sophisticated nature.
How to Protect Your Android Device From Malware
The best way to keep your Android device secure from malicious apps and malware is to ensure you only install apps from the Google Play Store. Google periodically scans all apps on the Play Store to ensure they are safe.
Additionally, you should install the latest security patch available for your Android device to ensure all known security loopholes are patched.
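Because the malware arrives in apps from outside the Play Store and relies on the Accessibility Services permission, one practical check is to list which sideloaded apps currently hold an enabled accessibility service. The following is an added example, not part of the original article or the zLabs research; it parses the output of two standard adb commands, and the package names and sample output are constructed for illustration.

```python
# Added example: flag third-party apps that hold an enabled accessibility
# service but were not installed by the Play Store. Inputs are text captured from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i   (-3 = third-party apps, -i = show installer)
PLAY_STORE = "com.android.vending"

# Constructed sample output (hypothetical package names).
SAMPLE_SERVICES = ("com.example.screenreader/com.example.screenreader.ReaderService:"
                   "com.example.sysupdate/com.example.sysupdate.UpdateService")
SAMPLE_PACKAGES = """package:com.example.screenreader  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
"""

def parse_accessibility_services(output):
    """Return {package: [component, ...]} from the colon-separated setting value."""
    services = {}
    text = output.strip()
    if not text or text == "null":        # setting unset or empty: nothing enabled
        return services
    for component in text.split(":"):
        component = component.strip()
        if "/" in component:              # form: <package>/<service class>
            services.setdefault(component.split("/", 1)[0], []).append(component)
    return services

def parse_installers(output):
    """Return {package: installer or None} from 'package:<name>  installer=<name>' lines."""
    installers = {}
    for line in output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def sideloaded_accessibility_apps(services_output, packages_output):
    """Return (package, installer, components) for apps that warrant a manual review."""
    services = parse_accessibility_services(services_output)
    installers = parse_installers(packages_output)
    # Packages absent from the -3 listing are preinstalled system apps; skip them.
    return [(pkg, installers[pkg], services[pkg]) for pkg in sorted(services)
            if pkg in installers and installers[pkg] != PLAY_STORE]

if __name__ == "__main__":
    for pkg, installer, components in sideloaded_accessibility_apps(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(components)}")
```

A hit is only a prompt for review: legitimate apps installed from other stores or by hand will also appear.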