Security researchers over at Google have recently discovered a new type of Android spyware dubbed ‘Lipizzan’, which the company believes is linked to Equus Technologies, a cyber arms firm.
Google said, the malware monitoring and recording a victim’s email, SMS messages, location, voice calls, and media. Around 20 Lipizzan apps reportedly distributed to less than a hundred devices. Google calls it one of the most sophisticated and targeted mobile attacks seen yet.
While researchers noted that discovered in the Google Play store, Lipizzan had different results. Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app.
Once installed, Lipizzan would download and enter a second stage called license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.
Google managed to block the first set of apps on Google Play. But, new apps subsequently uploaded using a similar format. Instead of marked as backup apps, they labeled as a cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set. The company still spot the new set of apps not too long after they uploaded.
The spyware only affected an extremely small number of Android devices 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect removed it from any affected devices and blocking the installs on new ones.
Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep unknown sources disabled while not using it. Lastly, keep phoning up to date with the latest Android security update.