Let’s face it, most people are glued to their phones when they have downtime. Many don’t look up to cross the street. With this much dedication to their individual mobile devices you’d think that people would be more careful about what they download.
Apparently, that Instagram feed is just too distracting to worry about individual data security.
Researchers from the mobile security firm Zimperium have discovered a malicious app that pretends to update your Android device, but is just spyware that can steal almost all of your data and monitor your search history and your location. Simply called “System Update” it has tricked many unsuspecting Android users as of this writing.
The spyware, or officially Remote Access Trojan (RAT), attached to this malicious download can only be downloaded outside of the Google Play store, which is fortuitous for many would-be victims of a malware attack like this. The spyware can effectively steal messages, contacts, device information, browser bookmarks, user search history, and can gain access to the microphone and the camera.
What’s more, it continuously tracks a user’s location, which can be really dangerous for anyone. The app starts spying everytime the device receives new information, which for any heavy user is constant. After stealing your data, the app will work to erase the evidence of it’s activity, effectively covering its tracks indefinitely.
All-in-all, it is a pretty tough cookie.
You won’t be surprised to learn that phishing is the number one way people are being exposed to the corrupt “System Update” app. Google continuously warns people to not install apps from outside the Google Play app store, but as people’s devices age, they aren’t always compatible with older operating systems found on these devices and start looking for options outside of the Google Play app store. This can lead to people downloading apps that seem useful, but are completely nefarious. “System Update” seems to be one of those apps.
While there have been nefarious apps found on the Google Play store in the past, the malicious app rate is extraordinarily low when sticking to the official app store. Users should also consider questioning any situation where an app is suggested for you outside of the app store, even if it seems to redirect you to the Google Play apps store. You just never know what you are going to get when you trust third parties on the Internet.
If you need a comprehensive plan to protect your business data from employee impulse and mobile negligence, give our technicians a call today at (323) 489-3250. We can help you with mobile device management (MDM) and Bring Your Own Device (BYOD) which can have all types of benefits for your business.