That Android System Update could actually be malware

[Image: Android 12 beta update. Image credit: Shutterstock / quietbits]

A dangerous new strain of spyware has been identified by researchers, posing a threat to the many millions of Android smartphone users.

In a blog post, security company Zimperium zLabs warns about the “sophisticated” new campaign, which disguises malware as an Android System Update in a bid to trick users into triggering the infection.

Once a device has been infected, the spyware is able to record phone calls, take photos, access messages and much more. Any data collected is then exfiltrated from the Android device to a dedicated command-and-control (C&C) server.

According to Zimperium, the malicious download is being distributed via third-party application stores and has never been listed on the official Google Play Store.

Android System Update malware

Unlike other forms of malware, which gather information in an indiscriminate manner, this new strain of spyware is designed to detect certain events and actions before collecting data.

When the spyware detects a phone call is taking place, for example, the conversation is recorded and an encrypted ZIP file is uploaded to the C&C server.

There are also further signs the malware operators are “very concerned about the freshness of the data”, says Zimperium.

“The spyware doesn’t use data collected before a fixed period,” explained the firm. “For example, location data is collected either from the GPS or the network (whichever is the more recent) and if this most recent value is more than five minutes in the past, it decides to collect and store the location data all over again.” 

In order to avoid detection, the malware is programmed to immediately delete any additional files it has created on the device as soon as they have been uploaded successfully.

To shield against this new malware strain, users are advised never to download content from third-party app stores and to protect their devices with a leading Android antivirus service.

Joel Khalili