The Complete Magazine on Open Source

Android spyware that poses as a ‘System Update’ hits millions of installs

2.57K 0

Android spyware poses as System Update app debuts

An app called ‘System Update’ is reportedly received interest from millions of Android users on Google Play Store. The suspicious app is found to be an SMS-based spyware and is available on Google Play Store since 2014.

According to security firm Zscaler, the ‘System Update’ app is claimed to offer latest Android software updates. It has between one to five million downloads and poses as a legitimate app on Play Store. Millions of victims fell to the trick due to the attractive description of the malicious app.

Zscaler researchers have discovered the spyware three years after it is published on the Play Store. Many users have reported that they are frequently facing slowing down of their devices after installing the app even through the official channel.

“The app portrays itself as a System Update and its description on the Google Play Store states, ‘This application updates and enables special location features,’ but there is no mention of its remote spying capabilities,” the security researchers at Zscaler stated in a detailed blog post.

Android system updates are pushed directly by Google or OEM manufacturer to devices. These updates come automatically to the device over the air, and Android users do not need to install a third-party tool for the same. Further, an external tool is not capable of providing system updates.

However, the ‘System Update’ app is claiming to offer the latest experience after installation. Zscaler researchers have found that instead of providing any updates, the app automatically quits with an error message that reads, “Unfortunately, update service has stopped.”

Scans incoming messages

Zscaler believes that the app is capable of fetching last known location recorded by the device and even triggering broadcast receiver. Further, a piece of code has apparently been identified that can scan through the incoming SMSs if they are in a particular syntax.

Once the spyware is activated in victim’s device, the attacker can send SMS message ‘get faq’ to scan through user’s SMSs.

Avoided malicious detection

The ‘System Update’ app was last updated in December 2014. Evidently, it has smartly avoided the detection by Google bots and engineers.

Google is yet to reveal the insights regarding the spyware app on the Play Store. Meanwhile, users are recommended to avoid installing any third-party apps that appear to bring system updates.