Most of us love our Android smartphones too much to let them go. Add to that, the freedom that Android as a platform offers to its users, the best of us are sold to the idea of a totally cool operating platform for our smartphones. But the things that make Android so cool and so loved, also make it highly susceptible to outer attacks if proper measures are not taken. Android sure gives us the space to experiment with our devices – and with its huge collection of apps available in Google Play Store, it makes sure that we users do not get fooled by spamming third party apps, but many a times the freedom that comes with Android cost us its price in form of harmful apps and other malware.
It was discovered somewhere in the month of April by the researchers and analysts at Google that a new Android Malware could in fact result in the shift of control of an Android device, that has been infected by its attack, to the attacker (designer of malware). The malware was called Chrysaor, which led to the efforts by Android Security Teams to search for and block all the potentially harmful apps containing that family of spyware, which are also called PHAs.
The process led to the discovery of a whole new family of Android spyware called Lipizzan. Now, these researchers and team behind the discovery have reasons to believe that Lipizzan is actually not in fact related to Chrysaor, the original malware. It is believed that Lipizzan can actually monitor as well as exfiltrate the inboxes of a user – both mail and text – along with their locations, calls and other media like photographs, music, videos, etc. A known cyber arms corporation called Equus Technologies has been identified as the source of the code of this spyware.
Lipizzan has created a ruckus in the technology world, as experts and researchers have been discussing how the spyware in fact works. It is being said on Android Developers blog that it has two stages of function – one, in which it gets distributed and shared via many platforms (even Google Play Store) – and is usually camouflaged as one of the safe, secure apps for Backup or Cleaning. Once, the user installs this app, Lipizzan initiates what is the second function, which is primarily licence verification, testing out the device it is infecting and checking abort criteria. As it gets the all clear to go ahead, it will eventually proceed to root the device, which will result in the attacker possessing the control of device and the power to exfiltrate the data available in the device.
What is surprising is the fact that Lipizzan can gain the total control on the infected device, which means the calls, texts, locations, photos – nothing is safe or private anymore. The spyware can then source and collect various sorts of information and data about the owner – resulting in divulsion of contact lists, call logs, Mail Inboxes, Texts, WhatsApp texts of a user along with other important data.
You may note that this spyware is actually being camouflaged rather well by its developers who have made sure that the apps, which are in fact malicious apps, get their branding and looks changed every few days. Once Google was on to them, it found out and blocked a certain number of apps that were responsible for malware on Google Play Store, but the writers kept coming at Google with new apps containing the same spyware. Everything from backup to notepads, cleaners, even sound recorders have been used to hide behind by the authors of the spyware. Google Play Protect is said to have detected even fewer than one hundred devices to be infected by this spyware.
Please note that if you are an Android user, you can keep your device safe and save yourself the headache of spyware by installing for Google Play Protect today. Also, do make sure that you are installing apps only from the PlayStore and say bye to the third party app vendors. It is also necessary that you keep your Android updated as the new updates come cause that will make sure your device has the latest security patch.
Android malware like CopyCat, SpyDealer and LeakerLocker, and now Lipizzan, have been for past few months in news raising questions about safety and security of using digital mediums for extremely personal information and data. Let us know what you think in the comments below.