Another day, another piece of Android malware. This time, researchers discovered new spyware that sends all the sensitive information it collects from affected devices to attacker-controlled servers.

Its modus operandi? Researchers from security firm Zimperium said that the app disguises itself as a system update that users must download from a third-party app store.

Apparently, it’s a remote-access trojan that can receive and execute commands from a server.

The spyware comes with a long list of spying capabilities. There are so many of them that Zimperium compiled a bullet list with 18 entries, reproduced below.

  • Inspecting the default browser’s bookmarks and searches
  • Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser
  • Inspecting the clipboard data
  • Inspecting the content of the notifications
  • Stealing instant messenger messages
  • Stealing instant messenger database files (if root is available)
  • Stealing SMS messages
  • Stealing phone contacts
  • Stealing call logs
  • Stealing images and videos
  • Searching for files with specific extensions (including .pdf, .doc, .docx, .xls, and .xlsx)
  • Recording audio
  • Recording phone calls
  • Periodically taking pictures (either through the front or back cameras)
  • Listing the installed applications
  • Monitoring the GPS location
  • Exfiltrating device information (e.g., installed applications, device name, storage stats)
  • Concealing its presence by hiding the icon from the device’s drawer/menu

As the list above shows, the spyware can steal messages. According to the report, even a messaging app as prominent as WhatsApp is not safe. What’s more alarming is that WhatsApp has billions of users, most of whom think it’s one of the safest and most confidential messaging services.

However, the report notes that the database files are only accessed if the malware has root access to the device. Hackers can root affected devices if they’re running older Android versions.

Still, if hackers can’t get root access, they can trick users into enabling Android accessibility services, allowing them to steal WhatsApp conversations and other details.

Accessibility settings, meant for people with disabilities, can modify the display or enable spoken feedback. Once they are enabled for the spyware, it can steal whatever’s on the WhatsApp screen.


The spyware can also steal files from external storage. When the device is connected to a mobile network, it only steals image thumbnails, which are smaller, so that the data consumption won’t tip off the user. When connected to WiFi, the spyware sends a large amount of data to the attackers’ servers.

No matter how harmful it may be, it still has one major limitation: it can’t affect smartphones unless it can trick users into giving it access. To stay safe, make sure you only download apps and system updates from trusted sources. System updates come through your phone’s own settings menu (or a dedicated Updater app on some devices), while genuine Android apps are only available on the Google Play Store.
