In fact, when a threat actor uses FakeSysUpdate to steal targeted information from an infected, asleep device, FakeSysUpdate will also send a fraudulent notification posing as a “System Update” that is “Searching for update.”īeneath the surface, FakeSysUpdate can let a malicious actor steal highly sensitive information while also granting them dangerous control of a victim’s device.Īccording to Zimperium zLabs, the malware can allow a threat actor to monitor GPS locations, record phone calls, record ambient audio, take photos from the front-facing and rear-facing cameras on a device, observe the device’s installed applications, inspect bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser, and steal SMS messages, phone contacts, and call logs.
Once FakeSysUpdate is implanted on a device, it disguises itself to its victims by masquerading as a generic “System Update” application. Even more obscured is the visibility of the app to victims. It does not have a catchy name, but because of its capabilities and its method for going unnoticed, we are calling it Android/, or in this blog, “FakeSysUpdate” for short.įakeSysUpdate is not available on the Google Play store, and it is currently unclear how it is being delivered to Android devices.
A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps-it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data-but the infrastructure behind the malware obscures its developer’s primary motivations.įirst spotted by the research team at Zimperium zLabs, the newly found malware is already detected by Malwarebytes for Android.
0 kommentar(er)
