That Android System Update could actually be malware


A dangerous new strain of spyware has been identified by researchers, posing a threat to the many millions of Android smartphone users.

In a blog post, security company Zimperium zLabs warns about the “sophisticated” new campaign, which disguises malware as an Android System Update in a bid to trick users into triggering the infection.

Once a device has been infected, the spyware is able to record phone calls, take photos, access messages and much more. Any data collected is then lifted from the Android device via a dedicated command-and-control (C&C) server.

According to Zimperium, the malicious download is being distributed via third-party application stores and has never been listed on the official Google Play Store.

Android System Update malware

Unlike other forms of malware, which gather information in an indiscriminate manner, this new strain of spyware is designed to detect certain events and actions before collecting data.

When the spyware detects a phone call is taking place, for example, the conversation is recorded and an encrypted ZIP file is uploaded to the C&C server.

There are also further signs the malware operators are “very concerned about the freshness of the data”, says Zimperium.

“The spyware doesn’t use data collected before a fixed period,” explained the firm. “For example, location data is collected either from the GPS or the network (whichever is the more recent) and if this most recent value is more than five minutes in the past, it decides to collect and store the location data all over again.” 

In order to avoid detection, the malware is programmed to immediately delete any additional files it has created on the device as soon as they have been uploaded successfully.

To shield against this new malware strain, users are advised never to download content from third-party app stores and to protect their devices with a leading Android antivirus service.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
