Malware of all kinds on Android is nothing new. Some even get through Google Play Store security checks. Most, however, use apps originating outside the sanctioned Android app store and tend to wreak more havoc than normal harmful apps. The case in point is a new type of spyware that could be one of the most sophisticated malware of its kind in recent months, not only gaining access to almost all of a user’s data, but even leading them to think it is an update. of legitimate system.
Many malware try to deceive users in a number of ways by pretending to be a free copy of a game or application, causing users to tap areas of the screen to give the application system permissions and more. This unnamed spyware, on the other hand, boldly appears on the user’s notification panel while it is running, but makes them believe that it is a legitimate system process. While this deception is almost amusing in its simplicity, its effectiveness and capabilities are no laughing matter.
According to security researchers at Zimperium, the remote access Trojan or RAT operates in a sophisticated manner rare among its kind. It can have access to a wide range of user data once installed, including messages, clipboard content that can sometimes contain passwords, images and videos and more. You can even record audio and calls.
The malware has several mechanisms that allow you to circumvent normal security measures. It scrapes the screen content of encrypted messaging services like WhatsApp, for example, and sends only thumbnails instead of full-size images to avoid suspicious network behavior. The sophistication of the malware leads researchers to suspect that it is part of a targeted attack, rather than a generalized widespread campaign.
The only good news is that this spyware was not found in any Google Play Store apps, serving as yet another warning about installing Android apps from unofficial sources. Then again, some malware hits the Google application market, but it will now be on guard against this specific RAT.