fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Android Malware Spies On You While Posing As A System Update

New Android Malware Spies On You While Posing As A System Update

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated.

The spyware can only be installed as a ‘System Update’ app available via third-party Android app stores as it was never available on Google’s Play Store.

This drastically limits the number of devices it can infect, given that most experienced users will most likely avoid installing it in the first place.

The malware also lacks a method to infect other Android devices on its own, adding to its limited spreading capabilities.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Steals almost everything

However, when it comes to stealing your data, this remote access trojan (RAT) can collect and exfiltrate an extensive array of information to its command-and-control server.

Zimperium researchers who spotted it observed it while “stealing data, messages, images and taking control of Android phones.”

“Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more,” they added.

Zimperium said its extensive range of data theft capabilities includes:

  • Stealing instant messenger messages;
  • Stealing instant messenger database files (if root is available);
  • Inspecting the default browser’s bookmarks and searches;
  • Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
  • Searching for files with specific extensions (including .pdf, .doc, .docx, and .xls, .xlsx);
  • Inspecting the clipboard data;
  • Inspecting the content of the notifications;
  • Recording audio;
  • Recording phone calls;
  • Periodically take pictures (either through the front or back cameras);
  • Listing of the installed applications;
  • Stealing images and videos;
  • Monitoring the GPS location;
  • Stealing SMS messages;
  • Stealing phone contacts;
  • Stealing call logs;
  • Exfiltrating device information (e.g., installed applications, device name, storage stats).

Once installed on an Android device, the malware will send several pieces of info to its Firebase command-and-control (C2) server, including storage stats, the internet connection type, and the presence of various apps such as WhatsApp.

The spyware harvests data directly if it has root access or will use Accessibility Services after tricking the victims into enabling the feature on the compromised device.

It will also scan the external storage for any stored or cached data, harvest it and deliver it to the C2 servers when the user connects to a Wi-Fi network.

Hides in plain sight

Unlike other malware designed to steal data, this one will get triggered using Android’s contentObserver and Broadcast receivers only when some conditions are met, like the addition of a new contact, new text messages, or new apps being installed.

“Commands received through the Firebase messaging service initiate actions such as recording of audio from the microphone and exfiltration of data such as SMS messages,” Zimperium said.

“The Firebase communication is only used to issue the commands, and a dedicated C&C server is used to collect the stolen data by using a POST request.”

The malware will also display fake “Searching for update..” system update notifications when it receives new commands from its masters to camouflage its malicious activity.

Fake system update alerts
Fake system update alerts (Zimperium)

The spyware also conceals its presence on infected Android devices by hiding the icon from the drawer/menu.

To further evade detection, it will only steal thumbnails of videos and images it finds, thus reducing the victims’ bandwidth consumption to avoid drawing their attention to the background data exfiltration activity.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Unlike other malware that harvests data in bulk, this one will also make sure that it exfiltrates only the most recent data, collecting location data created and photos taken within the last few minutes.

Indicators of compromise, including malware sample hashes and C2 server addresses used during this spyware, are available at the end of Zimperium’s report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us