Android System Update Spyware Can Steal Your Photos, Money, Record Calls and Track You Too

Must read

How to disable and delete Samsung Pay from your Galaxy phone

When it comes to paying conveniently, Samsung Pay makes using your phone as a bank card an easy process; however, there may come...

Massachusetts ‘MassNotify’ COVID Android app auto-installed for some

According to many user reports over the past day, MassNotify — the Massachusetts exposure notifications app  — was automatically installed on Android phones...

Google weather app on Android disappears for some users

For a long time, the Google app on Android has had a not-so-hidden weather “app” built in. It offers a full UI with...
Bhawani Singh
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Of all the cyber security threats that are posed to us on the internet today, one of the very biggest ones include spyware. This very specific form of malware is excellent at masking itself away from the public eye, works to escalate privilege on device, thus letting hackers take over devices from remote servers. One such newly discovered tool is taking the form of an Android system update, and subsequently gaining access to practically all data and permissions on a phone. First discovered by security researchers at Zimperium zLabs and termed FakeSysUpdate, the suspected spyware can have devastating consequences, according to reports about it.

In essence, the Android system update malware can do anything it pleases. Once it is installed on a user’s phone, the tool works in the background without any particularly noticeable discrepancies. Users typically see a notification that reads ‘searching for update…’, hence posed as something that any average user may easily mistake to be a legitimate system update notification. Once installed, the tool becomes active to give malicious threat actors a direct route into a person’s device. The consequences from here are tremendous, hence establishing belief among cyber security researchers that the tool is actually spyware, and not the more mass-market stalkerware that are found commonly.

Among things that FakeSysUpdate can do are gaining access to a user’s SMS inbox, hence potentially stealing one-time passwords for banking and financial frauds. However, given the nature of the tool, the researchers at Zimperium argue that it might not really be a malware made for financial gains. The reason for that is FakeSysUpdate’s key capabilities, which include accessing a user’s photos and video files, logging live GPS coordinates from a user’s device, recording live calls and relaying to a remote server, and also activating and recording snippets from an Android phone’s cameras and microphones. In essence, FakeSysUpdate can do it all – steal all your data, your money and record your private moments, all without being detected at all.

What makes things more alarming is that cyber security researchers are not entirely clear as to how the FakeSysUpdate spyware is being spread on the internet, leading to more suspicion that the malware in question is more of a targeted bug that is used to spy on select targets, rather than being a mass-market tool. Zimperium and Malwarebytes Labs have both claimed that FakeSysUpdate is not seen on the Google Play Store as of now, which is the easiest place for stalkerware tools to be spread en masse. It likely has a targeted drop tactic, which may use more specific methods such as spear phishing in order to breach a user’s data.

As of now, it is not clear as to how widespread FakeSysUpdate is, but as users, it is as important as ever to remain constantly vigilant about the content on your phone. Regularly check for official updates, remove all and any apps that you feel may not be legitimate, avoid downloading content that you aren’t sure about, and also avoid clicking on links that you cannot pre-verify.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

WhatsApp Request to Stay Notice from India’s Competition Authority Denied by Delhi High Court

The Delhi High Court on Wednesday refused to stay the notice dated June 4, 2021, to WhatsApp by the Director-General of Competition Commission...

Wind turbines: How UK wants to become ‘Saudi Arabia of wind’

Prime Minister Boris Johnson has said he wants the UK to become "the Saudi Arabia of wind" and – off the coast of...

amazon app quiz: Amazon app quiz June 23, 2021: Get answers to these five questions to win Rs 15,000 in Amazon Pay balance

Amazon daily app quiz is now live. As part of the quiz today, the e-tailer is giving the participants a chance to win...

How to Play YouTube Video in Picture-in-Picture Mode on iOS

iPhone or iPad users can enjoy YouTube videos in picture-in-picture mode, just like Android devices. You don't need to have the YouTube...
- Advertisement -