'Researchers have discovered a new advanced piece of Android malware that finds sensitive information stored on infected devices and sends it to attacker-controlled servers. The app disguises itself as a system update that must be downloaded from a third-party store, researchers from security firm Zimperium said on Friday. In fact, it’s a remote-access trojan that receives and executes commands from a command-and-control server. It provides a full-featured spying platform that performs a wide range of malicious activities. Zimperium listed the following capabilities: - Stealing instant messenger messages - Stealing instant messenger database files (if root is available) - Inspecting the default browser’s bookmarks and searches - Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser - Searching for files with specific extensions (including .pdf, .doc, .docx, and .xls, .xlsx) - Inspecting the clipboard data - Inspecting the content of the notifications - Recording audio - Recording phone calls - Periodically take pictures (either through the front or back cameras) - Listing of the installed applications - Stealing images and videos - Monitoring the GPS location - Stealing SMS messages - Stealing phone contacts - Stealing call logs - Exfiltrating device information (e.g., installed applications, device name, storage stats) - Concealing its presence by hiding the icon from the device’s drawer/menu' -- source: https://arstechnica.com/gadgets/2021/03/new-android-malware-with-full-range-... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/