In a recent Security blog post, Google says it discovered a new group of malware, termed Lipizzan, while it was investigating another piece of malware.
In light of this, the tech giant has expelled around 20 apps from its Play Store because they contained code that allows the app to surveil the Android phone and extract the user’s e-mails, text messages, call logs and other sensitive information.
However, the malware only attacked “rooted” phones: once a phone is rooted, it opens up many vulnerabilities along with other features, which is why those apps targeted rooted phones.
Those apps could perform the following operations without being detected.
- They were able to access sensitive data shared across Gmail, Messenger, Hangouts, etc.
- They could also collect chat data from WhatsApp, Facebook, Viber, etc.
- They could also record calls.
- They could also take snapshots of the device.
- They could also send the location of the user.
- They could also fetch the user’s private data and information (contacts, call logs…).
To avoid drawing suspicion, they offered users functions such as cleaning memory, backing up data and other activities, which gave them a chance to send the user’s data to their operator. After digging into the case, Google said these apps were maintained by “Equus Technology”.
How do these apps work?
On the blog, Google said that these apps work in two stages. The first stage was distribution: the apps were presented as legitimate apps so that users would download them. The second stage came at installation: when a user confirms the app limitations, the app downloads the active second-stage component, goes through a “license verification” step, and then begins stealing the user’s data. If a user of a “non-rooted” phone had the app, the second stage would lead to “rooting” of the device.
This is what the blog said:
Google said: “Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media.”
“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.”
“We’ve enhanced Google Play Protect’s capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware.”