Dangerous Spyware Apps Detected On Android Play Store
Google security researchers have discovered a new family of Android spyware on the Android Play Store that could cause significant damage to Android devices and their users.
The newly discovered spyware apps could steal all kinds of information belonging to Android users: emails, voice calls, photos, location data and so on. The spyware family, which is called Lipizzan, seems to be developed by Equus Technologies, a cyber arms company. A post on Google’s ‘Android Developers Blog’ explains this in detail: “Earlier this year, we announced we had blocked Chrysaor targeted spyware, believed to be written by NSO Group, a cyber arms company. In the course of our Chrysaor investigation, we used similar techniques to discover a new and unrelated family of spyware called Lipizzan. Lipizzan’s code contains references to a cyber arms company, Equus Technologies.”
The blog also explains what Lipizzan spyware does: “Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media.”
As many as 20 Lipizzan spyware apps have been found and Google has succeeded in blocking the developers and apps from the Android ecosystem. The affected devices (fewer than 100 smartphones) have been notified by Google Play Protect and the Lipizzan spyware apps have been removed from the devices.
A multi-stage spyware tool
According to Google experts, Lipizzan is a sophisticated multi-stage spyware tool. It is, in fact, two-stage Android malware: it gains full access to a device in two steps.
The Android Developers Blog post says: “The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” app. Upon installation, Lipizzan would download and load a second “license verification” stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.”
Once Lipizzan gains entry into an Android Device Manager, it could monitor and even steal voice calls, contacts, app-specific data, and location or device information. It could also record VOIP calls, record from the phone’s mic, take screenshots and use the phone’s camera to take photos. It can also retrieve data from apps such as Hangouts, LinkedIn, Skype, Snapchat, StockEmail, Messenger, Telegram, Viber and WhatsApp.
Basic protection tips
Some basic precautions help protect Android devices from Lipizzan and from Android malware in general.
These include:
- Ensuring the presence of Google Play Protect.
- Downloading and installing apps only from the official Play Store.
- Enabling the ‘Verify Apps’ feature in settings.
- Ensuring that the device is protected with a PIN or password.
- Keeping “unknown sources” disabled when not using it.
- Keeping the device up to date with the latest security patches.
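Three of the tips above (Verify Apps, unknown sources, patch level) can be read from a device over adb and checked automatically. The script below is an added example, not code from the article or from Google; the 90-day patch threshold and the sample values are assumptions, and the unknown-sources key is only meaningful on Android versions that still have the global switch (before 8.0).

```python
import subprocess
from datetime import date

# Read-only adb shell commands whose output feeds each check.
COMMANDS = {
    "verify_apps": ["settings", "get", "global", "package_verifier_enable"],
    "unknown_sources": ["settings", "get", "secure", "install_non_market_apps"],
    "patch_level": ["getprop", "ro.build.version.security_patch"],
}
MAX_PATCH_AGE_DAYS = 90  # assumed policy threshold, not from the article


def collect_via_adb():
    """Read the three values from the attached device (requires adb on PATH)."""
    return {name: subprocess.run(["adb", "shell", *cmd], capture_output=True,
                                 text=True, check=True).stdout.strip()
            for name, cmd in COMMANDS.items()}


def audit(state, today):
    """Return {check: 'ok' | 'fail' | 'unknown'} for the collected values."""
    result = {}
    # 'Verify Apps': the setting reads 1 when enabled, 0 when disabled.
    result["verify_apps"] = {"1": "ok", "0": "fail"}.get(
        state.get("verify_apps"), "unknown")
    # 'Unknown sources': 0 is the safe value. A missing setting ("null")
    # is reported as 'unknown' rather than guessed.
    result["unknown_sources"] = {"0": "ok", "1": "fail"}.get(
        state.get("unknown_sources"), "unknown")
    # The security patch level is reported as YYYY-MM-DD.
    try:
        patched = date.fromisoformat(state.get("patch_level", ""))
        age = (today - patched).days
        result["patch_level"] = "ok" if age <= MAX_PATCH_AGE_DAYS else "fail"
    except ValueError:
        result["patch_level"] = "unknown"
    return result


# Constructed sample values, shaped like adb output from a neglected device.
SAMPLE = {"verify_apps": "0", "unknown_sources": "1", "patch_level": "2016-11-05"}

if __name__ == "__main__":
    for check, verdict in audit(SAMPLE, date(2017, 7, 27)).items():
        print(f"{check:16} {verdict}")
```

To audit a real device, pass `collect_via_adb()` and `date.today()` to `audit` instead of the sample values.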
Kevin Jones