GOOGLE HAS UNCOVERED a new form of Android malware that can record phone calls, monitor the device's location, retrieve data from popular apps and even make recordings from the device's microphone.
Google claimed that the spyware, dubbed 'Lipizzan', is linked to Israeli cyber arms company Equus Technologies.
Google found the Android spyware as part of its investigation into the Chrysaor targeted spyware, which was believed to have been written by another cyber arms company, NSO Group.
Google Play Protect detected Lipizzan in 20 different apps that had been distributed in a targeted fashion to fewer than 100 devices.
The first part of the two-stage spyware tool was what like seemed an innocuous-sounding app, such as 'Backup' or 'Cleaner', on the Google Play store and several other channels.
Once installed, the app would download and load a second 'licence verification' stage, which would survey the infected device and validate certain abort criteria.
Then, if it is given the all-clear, the second stage would root the device with known exploits and begin to exfiltrate device data to a command and control server.
The second stage was capable of performing and exfiltrating the results of:
- Call recording;
- VoIP recording;
- Recording from the device microphone;
- Location monitoring, taking screenshots;
- Taking photos with the device camera(s);
- Fetching device information and files; and,
- Fetching user-information, such as contacts, call logs and text messages.
The spyware could also retrieve data from the likes of Gmail, LinkedIn, Messenger, Skype, Snapchat, Viber and WhatsApp.
Google said it had blocked the developers and apps from the Android ecosystem. It said that Google Play Protect had notified all affected devices and removed the Lipizzan apps.
Google advised users to ensure they've opted into Google Play Protect, that they only use the Google Play store to download apps, keep ‘unknown sources' disabled when not in use, and keep their device patched to the latest Android security update. µ
This weeks in-brief Google News
To replace them with younger models
Security firm warns that IoT devices are the next target
But don't go expecting any new MacBooks