If you receive a notification that a new system software update has appeared on your Android phone, it may be a good idea to postpone its installation until you are sure it is not a virus. There seems to be a new type of malware attack for Google’s mobile platform that can fool users into being a system update. As soon as this malware receives the necessary permissions, it can transmit data from the device to the source.
The virus can access all the content on your phone
Zimperium says that this is a RAT (Remote Access Trojan), which does not yet have an official name. Fortunately, it seems that the source of this malware is not the Google Play Store, so if you only use apps from the Google Store, you have nothing to worry about. However, those who faced this Trojan seem to have “received” it by installing applications from unofficial sources and it is not yet clear where. It could be an alternative app store, or maybe a source of pirated apps.
The Trojan displays on the notification screen a message identical to that of a system update, and once accessed and installed, it will be able to access and transmit all data on the phone. The Trojan has access to messages, clipboards, photo and video albums and can even record users or record their calls.
Zimperium experts say that the application is so advanced that it can even monitor encrypted messages on WhatsApp, taking screenshots of the application and sending resized images, so as not to raise suspicions regarding data transfer.
Due to the level of complexity of this “RAT”, security experts say it could be a specialized attack, which had a clear target. However, this does not mean that this malware is less dangerous. Rather, it means that users are less likely to find it online. Also, now that we know that such malware exists, there is a possibility that its functionality may be copied by other “actors” in the online environment.