Google has discovered powerful Android spyware, dubbed Lipizzan, which lurked behind infected apps and scanned infected devices for user data.
The spyware was able to bypass Google’s Bouncer security system by splitting into two stages. The fist stage comprises apps with legitimate code offering useful services such as data backup and software cleaning, which allowed then to squeeze past Google security checks.
Once downloaded by Android device users the innocuous apps would then download a second-stage component featuring malicious code, which escaped security checks by hiding under the guise of being a license verification process.
Once the victim;s device was infected with the malicious code, Lipizzan gained root privileges enabling it to perform a variety of spyware tasks, such as call recording, location monitoring, and taking screenshots.
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” explained researchers from Google’s Threat Analysis Group.
“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.”
Google noted that while the source of the spyware has yet to be confirmed, signs point toward it originating from an Israeli cyber arms group called Equus Technologies.
The group describes itself as offering products and services for “law enforcement, intelligence agencies, and national security organisations”, which could suggest the Lipizzan spyware was a proof-of-concept attack created by the company rather than an all out spyware campaign.
It also signals that there are hackers and coders actively looking at ways to bypass Google;s security checks and systems.
Google’s bolstered Android security service, Google Play Protect aims to provide the means by which Android users can protect themselves from such cyber threats.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…