That Android System Update could actually be malware

Think twice before using third-party app stores, Android users warned

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A dangerous new strain of spyware has been identified by researchers, posing a threat to the many millions of Androidsmartphoneusers.

In ablog post, security company Zimperium zLabs warns about the “sophisticated” new campaign, which disguisesmalwareas an Android System Update in a bid to trick users into triggering the infection.

Once a device has been infected, the spyware is able to record phone calls, take photos, access messages and much more. Any data collected is then lifted from the Android device via a dedicated command-and-control (C&C) server.

According to Zimperium, the malicious download is being distributed via third-party application stores and has never been listed on the officialGoogle Play Store.

Android System Update malware

Unlike other forms of malware, which gather information in an indiscriminate manner, this new strain of spyware is designed to detect certain events and actions before collecting data.

When the spyware detects a phone call is taking place, for example, the conversation is recorded and an encrypted ZIP file is uploaded to the C&C server.

There are also further signs the malware operators are “very concerned about the freshness of the data”, says Ziperium.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The spyware doesn’t use data collected before a fixed period,” explained the firm. “For example, location data is collected either from the GPS or the network (whichever is the more recent) and if this most recent value is more than five minutes in the past, it decides to collect and store the location data all over again.”

In order to avoid detection, the malware is programmed to immediately delete any additional files it has created on the device as soon as they have been uploaded successfully.

To shield against this new malware strain, users are advised never to download content from third-party app stores and to protect their devices with a leadingAndroid antivirusservice.

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’