In April, Google’s researchers discovered an Android malware family called Chrysaor, which could give an attacker remote control of the infected device. Android security was able to detect and block potentially harmful apps (PHAs) from that spyware family, and in the process discovered a new spyware family called Lipizzan.
According to the researchers, the new spyware is not related to Chrysaor. It can monitor and exfiltrate a user’s email, SMS messages, location, voice calls, and media. The core of the spyware is linked to the cyber arms company Equus Technology.
On the Android Developers Blog, researchers say that the newly discovered spyware works in two stages. The first stage is distributed through several channels, including Google Play, and is disguised as an app such as “Backup” or “Cleaner.” Once such an app is installed, it loads the second “License Verification” stage, which checks the device and verifies certain parameters. Once those checks pass, the spyware takes control of the device with known techniques and routes its data to the command and control server.
Effect of Lipizzan malware
Once Lipizzan takes full control of an infected device, it can track the user’s location, record calls, take screenshots and photos with the phone’s camera, and retrieve device information, files, and user information such as contacts and call logs, among other data. Researchers say that the PHAs had specific routines for retrieving data from apps like Gmail, LinkedIn, Skype, Snapchat, and WhatsApp.
The most notable thing about the new spyware is how quickly its authors can change the appearance of the installed apps. Soon after Google investigated and blocked the first set of apps on Google Play, new apps carrying the same spyware began to crop up. These apps had moved on from “Backup” to names such as “cleaner,” “notepad,” “sound recorder,” and a few others. Google says it has detected the spyware on more than 100 devices checked by Google Play Protect. Now that Lipizzan has been discovered, Google Play Protect has removed the family from the affected devices and will block its installation on new devices.
Google says that Android users can protect themselves by opting into Google Play Protect and by ensuring that apps are downloaded only from Google Play. The company has also urged users to keep their phones up to date with the latest Android security update.
In recent months there has been a series of concerns about Android malware such as SpyDealer, LeakerLocker, and CopyCat, which have raised anxiety over platform security and the personal information stored in digital space.