Millions Download Spyware App That Promised Latest Android Software Updates

Apr 20, 2017

Millions of users have been tricked into downloading Android spyware disguised as a system update in the Play Store. The app that claims to give users access to the latest Android updates remained undetected in the Play Store for three years and was downloaded between one and five million times.

Android spyware app sees millions of downloads

This SMSVova Android spyware is capable of accessing the user’s location, IT security researchers at Zscaler reported today. Zscaler revealed that millions of Android users who were searching for Android software updates in the Play Store ended up downloading this spyware, which tracked them in real time and sent their location to cyber criminals.


The security research firm first started looking into this app called “System Update” after spotting reviews that said the app doesn’t update Android and drains the battery too. The app also lacked any proper details or description on the Play Store page, further adding to the suspicion. The store page, which is full of blank screenshots, should have been enough of a warning, but still many novice users fell for the trick. The page also added that the app offers “application updates” and “enables special location features”.

Once a user tries to use the app, however, they receive a message saying, “Unfortunately, Update Service has stopped”. The app hides its run icon from the device and sets up a MyLocationService feature to get the last known location of the smartphone. Antivirus engines may have been unable to detect it because this Android spyware uses text messages for malware initiation. The app sets up an IncomingSMS receiver to scan for incoming text messages that contain instructions for the malware.


“The SMS-based behavior and exception generation at the initial stage of startup can be the main reason why none of the antivirus engines on VirusTotal detected this app at the time of analysis,” Zscaler noted.
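
As an added illustration (not code from Zscaler's report or from the app), the sketch below triages a decoded AndroidManifest.xml for the combination described above: a receiver for incoming SMS alongside location permissions. The sample manifest is constructed; its package name and permission list are assumptions, and only the MyLocationService and IncomingSMS names come from the article.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
LOC_PERMS = {"android.permission.ACCESS_FINE_LOCATION",
             "android.permission.ACCESS_COARSE_LOCATION"}

# Constructed sample of a decoded manifest (not the real app's manifest).
# The package name and the permission list are assumptions for illustration.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.updater">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="System Update">
    <activity android:name=".MainActivity"/>
    <service android:name=".MyLocationService"/>
    <receiver android:name=".IncomingSMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Report SMS receivers, SMS/location permissions and declared services."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A receiver counts only if one of its intent filters names SMS_RECEIVED.
    sms_receivers = [
        r.get(ANDROID + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID + "name") == SMS_ACTION for a in r.iter("action"))
    ]
    findings = {
        "sms_receivers": sms_receivers,
        "sms_permissions": sorted(perms & SMS_PERMS),
        "location_permissions": sorted(perms & LOC_PERMS),
        "services": [s.get(ANDROID + "name") for s in root.iter("service")],
    }
    # Flag for manual review when SMS-triggered code can also read location.
    findings["review"] = bool(sms_receivers and findings["location_permissions"])
    return findings

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A hit is a reason to review the app's SMS handler by hand, not a verdict, since legitimate apps can also combine these capabilities.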

It is unclear exactly why the malware focused on user location alone. The app also hasn’t been updated since December 2014, yet millions of people kept downloading it. Google has now removed it from the store after being alerted, but the app went undetected from the time it first appeared in 2014. We have yet to hear back from the search giant on why this app remained active for three years in the Play Store.
