Of all the cyber security threats we face on the internet today, spyware is one of the biggest. This specific form of malware is excellent at hiding itself from view and works to escalate its privileges on a device, letting hackers take over devices from remote servers. One newly discovered tool poses as an Android system update and then gains access to practically all data and permissions on a phone. First discovered by security researchers at Zimperium zLabs and termed FakeSysUpdate, the suspected spyware can have devastating consequences, according to reports about it.
In essence, the Android system update malware can do anything it pleases. Once it is installed on a user’s phone, the tool works in the background without any particularly noticeable signs. Users typically see a notification that reads ‘searching for update…’, which an average user may easily mistake for a legitimate system update notification. Once installed, the tool becomes active and gives malicious threat actors a direct route into a person’s device. The consequences from here are tremendous, which is why cyber security researchers believe the tool is actually spyware, and not the more common mass-market stalkerware.
Among the things FakeSysUpdate can do is gain access to a user’s SMS inbox, potentially stealing one-time passwords for banking and financial fraud. However, given the nature of the tool, the researchers at Zimperium argue that it might not really be malware made for financial gain. The reason is FakeSysUpdate’s key capabilities, which include accessing a user’s photos and video files, logging live GPS coordinates from a user’s device, recording live calls and relaying them to a remote server, and activating and recording snippets from an Android phone’s cameras and microphones. In essence, FakeSysUpdate can do it all: steal all your data and your money, and record your private moments, all without being detected.
What makes things more alarming is that cyber security researchers are not entirely clear on how the FakeSysUpdate spyware is being spread on the internet. This adds to the suspicion that the malware is a targeted tool used to spy on select individuals, rather than a mass-market one. Zimperium and Malwarebytes Labs have both claimed that FakeSysUpdate has not been seen on the Google Play Store as of now, which is the easiest place for stalkerware tools to be spread en masse. It likely relies on a targeted drop tactic, which may use more specific methods such as spear phishing to breach a user’s data.
As of now, it is not clear how widespread FakeSysUpdate is, but as a user, it is as important as ever to remain constantly vigilant about the content on your phone. Regularly check for official updates, remove any apps that you feel may not be legitimate, avoid downloading content that you aren’t sure about, and avoid clicking on links that you cannot verify beforehand.