Google Spots And Squashes Lipizzan Android Spyware

Google has discovered powerful Android spyware, dubbed Lipizzan, which lurked behind infected apps and scanned infected devices for user data.

The spyware was able to bypass Google’s Bouncer security system by splitting into two stages. The fist stage comprises apps with legitimate code offering useful services such as data backup and software cleaning, which allowed then to squeeze past Google security checks.

Once downloaded by Android device users the innocuous apps would then download a second-stage component featuring malicious code, which escaped security checks by hiding under the guise of being a license verification process.

Once the victim;s device was infected with the malicious code, Lipizzan gained root privileges enabling it to perform a variety of spyware tasks, such as call recording, location monitoring, and taking screenshots.

Lipizzan Android spyware

Google’s security team identified the spyware and have subsequently blocked it’s access to the Android Play Store, and it appears that the search giant tackled the malware before it could spread too far.

“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” explained researchers from Google’s Threat Analysis Group.

“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.”

Loading ...

Google noted that while the source of the spyware has yet to be confirmed, signs point toward it originating from an Israeli cyber arms group called Equus Technologies.

The group describes itself as offering products and services for “law enforcement, intelligence agencies, and national security organisations”, which could suggest the Lipizzan spyware was a proof-of-concept attack created by the company rather than an all out spyware campaign.

It also signals that there are hackers and coders actively looking at ways to bypass Google;s security checks and systems.

Google’s bolstered Android security service, Google Play Protect aims to provide the means by which Android users can protect themselves from such cyber threats.

Quiz: What do you know about Android?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago