Android OS continues to be the subject of targeted malware efforts. The open-source nature of the platform does leave it at a bit of a disadvantage. So it's not uncommon to hear about sophisticated new malware that puts users' data at risk.
A new Android malware has been discovered by security researchers. It hides as a security update while taking control of your device and stealing all of its data.
Don't install apps on your Samsung phones from unknown sources
The malware is being distributed through an app called “System Update.” It's floating around online, you won't find it on Google Play. The only way to install the app right now is to side-load it. Once this app is installed, the malware hides itself on the phone and starts sending data to the malware operator's servers.
This malicious app was discovered by researchers at Zimperium. They found that it can steal contacts, messages, take photos using the camera, record calls, enable the mic and more. It's even capable of tracking the victim's location.
It's actually a smart piece of malware as it tries to avoid detection by not using a lot of network data. It does that by uploading thumbnails instead of the full image to the attacker's servers.
Zimperium CEO Shridhar Mittal points out this is among the “most sophisticated” Android malware that they've ever seen. The only way to protect against it is to not side-load any app on your Samsung device.
Many Android users side-load apps that their device may not be officially compatible with. Not everyone is cautious about where they're sourcing the app files from. That's a major reason why malwares like this, as shown in the image below, are able to spread far and wide.
Google hasn't commented on the matter. The app hasn't reached Google Play yet and it's unlikely to win that approval now that it has a massive target on its back.