Before you approve what appears to be a new Android update, you may want to verify that you're installing the real thing.
According to mobile security firm Zimperium zLabs, a new form of malware disguised as a system update is making the rounds on Android devices. Instead of actually upgrading users to a new version of the operating system, the malware commandeers the phone to take advantage of several functions. It lets bad actors record audio, phone calls, take photos, access messages within third-party messengers like WhatsApp, and even search for specific file types present on the phone.
This invasive "app" is considered a "sophisticated spyware campaign with complex capabilities," according to zLabs researchers. After installation, the device becomes registered with the Firebase Command and Control (C&C) and reports information about WhatsApp, storage information, the internet connection, and a swath of other details.
Triggering the spyware comes in different ways: installing a new app, receiving a text, or even adding a new contact. From there, call recording can begin if calls are made or received. Messages can be logged. It's a whole suite of bad news, especially when users have no idea it's all taking place.
So when accepting updates or before installing new apps on your Android device, it's important to know where the software you're using comes from. Android updates will never come in the form of a new, self-contained app. Be sure not to install anything you're sent via text message unless it's from a trusted source you're expecting to share it.
For additional details on the malware and how it works, check out the Zimperium listing for more information.