Deceptive spyware family detected on Google Play Store
Reportedly, while investigating another case of spyware, Google researchers have detected a bunch of spyware applications on the Google Play store. Known as Lipizzan, the spyware was found in at least 20 apps in the store but only managed to infect around 100 devices. After performing analysis, researchers have connected the spyware to Equus Technologies, a cyber arms company.
Once installed, an infected app would have permission to perform spying activities, such as recording calls, making screenshots, taking photos, accessing information like contacts, SMS, call logs, etc., and then transferring that data to the creators of the spyware.
Lipizzan pretends to be legitimate applications
The spyware was discovered in around 20 different apps and in order to make users install them, they were pretending to be useful applications, such as cleaners and backup tools. Fortunately, only around a hundred users installed one of these infected apps. Once someone installs the malicious application, the spyware would initiate a ‘license verification’ stage where it would scan for certain data. If the device is found to be unable to detect the next stage, it will proceed to root the device with Android exploits. After the stages are completed, the spyware will gather data from the infected device and send it to a remote Command and Control server that is managed by the spyware creators. That means that your private information would be given to possibly dangerous parties.
Very little is known about the company behind the spyware, reportedly Equus Technologies, and Google has removed all of the company’s released apps from the store, including the 20 malicious ones.
What should you do to avoid infecting your device?
There is plenty you can do to make sure that your device is as secure as possible. While you may argue that infection is possible even when using legitimate stores, such as Google Play, there is still a lesser chance to get infected if you stick to them. If you use questionable third-party stores, you are more likely to contaminate your device with something. For one, Google Play has Google Play Protect, a malware scanner that gets rid of malicious apps. It will scan the app before you are allowed to download it and will also remove dangerous apps you have installed.
You should also start paying attention to what permissions apps ask of you. If a simple animation wallpaper is asking to read your contacts or messages, you might want to rethink its installation. You should also enable the ‘verify apps’ feature. Lastly, your device should always be kept up-to-date to ensure that no malware is able to take advantage of vulnerabilities.