Beware a newly discovered malicious app that pretends to update your phone but, in reality, is just a giant spyware application that can steal pretty much all your data while also monitoring your movements and online search history.
Simply called System Update, the Android app was discovered by researchers with mobile security firm Zimperium, who have classified it as a Remote Access Trojan (RAT)—a broad category of malware that typically allows a hacker to access and manipulate your device from afar.
This particular RAT is downloaded with the promise of helping you keep your device up to date but, instead, sends all your information back to a Command & Control server. Shridhar Mittal, Zimperium CEO, recently told TechCrunch that he thinks the app is part of a “targeted attack.”
“It’s easily the most sophisticated [RAT] we’ve seen,” Mittal told the outlet. “I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”
The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; WhatsApp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance).
The app can also monitor your GPS location (so it knows exactly where you are), hijack your phone’s camera to take pictures, review your browser’s search history and bookmarks, and turn on the phone mic to record audio.
The app’s spying capabilities are triggered whenever the device receives new information. Researchers write that the RAT is constantly on the lookout for “any activity of interest, such as a phone call, to immediately record the conversation, collect the updated call log, and then upload the contents to the C&C server as an encrypted ZIP file.” After thieving your data, the app will subsequently erase evidence of its own activity, hiding what it has been doing.
Thankfully, this hellish booby trap has never been offered on the Google Play Store, though it is available via a third-party store, researchers write. Rogue apps like this are becoming a bigger and bigger problem for consumers, so it’s a great idea to limit the number of apps you have on your phone and to do your homework before you download—lest your data fall into the hands of some dark web cretin.
RATs are a very common form of malware, and while they can be installed onto a victim’s device via a number of methods (email attachments, .torrent files, bad web links, etc.), a mobile app is a pretty natural distribution point for a bad actor looking to infect a lot of devices and gain intimate access to victims’ data.
The fact that this particular app was not found on Google’s Play Store shouldn’t give you too much comfort. Google hasn’t always been, let’s say, amazing about weeding out the bad apps on its platform. A study published last year showed that the Google Play Store was the “main distributor” of malicious apps for Android, overall. This isn’t because the store lacks security guardrails (though they obviously haven’t been sufficient); it’s more about the fact that the store is so big that it’s bound to miss some bad apples in there somewhere.
This has included a number of pretty unsettling cases—including one, reported in 2014, in which a RAT had disguised itself as an app used by parents to monitor their children’s mobile devices. Earlier this year, another report showed that the Play Store was then harboring a number of malicious VPN apps, which were actually spying trojans. (Google has since taken the apps down.) So, either way, you have to be careful, and it never hurts to be highly selective about what you download and to be informed about who developed the product you’re using.
Update 1pm ET, Wednesday, March 31: Added additional context about RATs and malware affecting Android devices.