Zamen | زامن
Google Detects Dangerous Spyware Apps On Android Play Store
Security researchers at Google have discovered a new family of deceptive Android spyware that can steal a whole lot of information on users, including text messages, emails, voice calls, photos, location data, and other files, and spy on them.
Dubbed Lipizzan, the Android spyware appears to be developed by Equus Technologies, an Israeli startup that Google referred to as a 'cyber arms' seller in a blog post published Wednesday.
With the help of Google Play Protect, the Android security team has found Lipizzan spyware on at least 20 apps in Play Store, which infected fewer than 100 Android smartphones in total.
Google has quickly blocked and removed all of those Lipizzan apps and the developers from its Android ecosystem, and Google Play Protect has notified all affected victims.
For those unaware, Google Play Protect is part of the Google Play Store app and uses machine learning and app usage analysis to weed out dangerous and malicious apps.
Lipizzan: Sophisticated Multi-Stage Spyware
According to Google, Lipizzan is a sophisticated multi-stage spyware tool that gains full access to a target Android device in two steps.
In the first stage, attackers distribute Lipizzan, typically by disguising it as an innocuous-looking legitimate app such as "Backup" or "Cleaner", through various Android app stores, including the official Play Store.
Once installed, Lipizzan automatically downloads the second stage, a "license verification" component that surveys the infected device to ensure the device is unable to detect the second stage.
After completing the verification, the second-stage malware roots the infected device with known Android exploits. Once the device is rooted, the spyware starts exfiltrating device data and sending it back to a remote Command and Control server controlled by the attackers.
Lipizzan Also Gathers Data from Other Popular Apps
The spyware can monitor and steal a victim's email, SMS messages, screenshots, photos, voice calls, contacts, application-specific data, location and device information.
Lipizzan can also gather data from specific apps, undermining their encryption. These apps include WhatsApp, Snapchat, Viber, Telegram, Facebook Messenger, LinkedIn, Gmail, Skype, Hangouts, and KakaoTalk.
There is very little information available on the Internet about Equus Technologies (which is believed to have been behind Lipizzan). The description of the company's LinkedIn account reads: