An Android app calling itself "System Update" is unmasked as malware by a security company
Zimperium has published a blog post warning Android users off installing an app called "System Update", asserting that it is in fact a form of malware capable of stealing a wealth of personal and sensitive information from their phones or tablets. This software may be found online by searching for the name in question, and may even have a convincing-looking Google logo as an icon, but is not found on the Play Store.
Once installed, this humdrum-looking app allegedly starts communicating with its maker's command and control (C&C) server via the Firebase system, sending it information on subjects such as how its new host connects to the internet, its battery stats and whether WhatsApp is installed or not.
This is because it is apparently a form of malware called a Remote Access (or RAT) trojan, and may thus be capable of sending all kinds of user data back to its C&C server. They may include messages (whether from apps such as WhatsApp or thoes sent via SMS); recorded phone-calls; GPS-derived location info; browser search histories and even the contents of clipboards or notifications.
Therefore, they may allow a malicious actor to find out an awful lot about a given device's owner. Moreover, Zimperium notes that RATs are also capable of periodically activating a phone's cameras (front- or rear-facing) and mics for further spying potential. All in all, this new report may be a timely reminder to Android fans that they should definitely be careful of what they side-load.