We’re going to explain how the System Update malware works, a new Android threat that masquerades as a system update to get you to install it and steal all your data. Experienced users can detect this threat by its strange behavior, but it is quite well designed to trick less experienced users.
In this article, we start by explaining how this virus works: the bait it uses to trick you and everything it can do if it gets you to install it. Then we briefly explain how you can avoid this threat so that you do not fall into the trap.
How the System Update Malware works
The malware that we are dealing with today disguises itself as a system update notification, and when you click on it, it will try to install itself on your mobile. If you make the mistake of clicking on the bait and install it, it will take control of your mobile and will be able to access a lot of data and things you do with it.
It works as follows. A message appears in your notifications that reads System Update and tells you that updates are being tracked. If you click on the notification, you will be taken to a third-party app store to download its APK file and install the app, which promises to help you keep your phone always up to date.
However, as the researchers who discovered it point out, what this app does is ask you for a large number of permissions to take control of your phone, so that it can read everything you write on it and see everything you do. This is the list of everything this malware will be able to do once you have installed it and it has infected your Android device:
- It can make audio recordings.
- It can record your phone conversations.
- It can use your front or back camera to periodically take pictures.
- It can read and steal your instant messaging messages.
- It can steal your SMS messages.
- If you have root, it can steal database files from your IM apps.
- It can steal the photos and videos you have on your phone.
- It can read the bookmarks and search history of your default browser, as well as those of Chrome, Firefox, or Samsung’s browser.
- It can search inside your mobile for files with specific extensions, such as pdf, doc, docx, xls, or xlsx, to access them and their content.
- It can inspect what you have in your mobile’s clipboard.
- It can read the content of your notifications.
- It can see the list of your installed apps.
- It can monitor your GPS location.
- It can read and steal your phone contacts.
- It can read and steal your call list.
- It can extract information about your phone, such as its name, your apps, or your storage statistics.
- It can hide its presence on your device by hiding its icon from menus and the app drawer.
As you can see, it is malware that can steal all your personal information and the content of your mobile. It can even spy on what you say on WhatsApp, Telegram, or your phone calls. What’s more, it conceals itself by hiding its icon, which makes it harder to detect and remove.
The spying functions of this app are launched through the actions you do on the mobile. For example, when you add a new contact or receive a message, the app will detect it and “wake up” to spy on you and access its contents. Fortunately, as you will see below, it will be enough for you to know some basic things about how Android works and pay some attention to avoid this threat.
How to detect this malware and avoid it
The first thing you need to know to avoid this threat is that all system updates will always come to you through your Android settings. This means that if you see a system update notification you should be wary, as this is not a method that Android will use.
Another thing you should keep in mind is that updates will never come with an APK that you must install. And in the rare case that for some reason this is necessary, you will always download it from the manufacturer’s official website, and never from a third-party application store.
In this regard, you should be extremely cautious with any app you download outside of Google Play. The applications in the official Android store are almost always well tested and are usually quite safe, but the same is not true of those you download elsewhere. No matter how much they promise you, always be wary by default of any app that you do not know perfectly well, even one you may have heard of, especially if it is not in a famous third-party store.
It is advisable to read all notifications that appear to you in the installation process. For example, when you install an external APK, Android will warn you that this is dangerous so that you are aware that you are not doing something normal. This way, you can avoid installing things by mistake.
And finally, always pay attention to the permissions that an application asks for when you install it. This advice is also useful when you install apps from the official Android app store. Here, use common sense, and if an app asks for strange permissions like reading your screen or accessing things it shouldn’t need, then be automatically suspicious.
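The two checks above (where an app was installed from, and how many sensitive permissions it requests) can also be run from a computer against the output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>`. This is an added example, not part of the original article or the researchers' work; the permission list, the threshold, and the package names in the sample data are assumptions.

```python
import re

# Assumption: Android permissions matching capabilities listed in the article;
# the article itself does not name the permissions the app requests.
PREFIX = "android.permission."
SENSITIVE = {PREFIX + n for n in (
    "RECORD_AUDIO", "CAMERA", "READ_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
BROAD_ACCESS = 4  # assumed threshold: this many sensitive permissions in one app

def parse_installers(pm_output):
    """Parse `pm list packages -3 -i` output into {package: installer or None}."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return {pkg: None if inst == "null" else inst for pkg, inst in pairs}

def parse_requested(dumpsys_output):
    """Collect the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for line in dumpsys_output.splitlines():
        s = line.strip()
        m = re.fullmatch(r"([\w.]+)(?::.*)?", s)
        if s == "requested permissions:":
            in_block = True
        elif in_block and m and "." in m.group(1):
            perms.add(m.group(1))
        elif in_block:
            break  # the next section header ends the block
    return perms

def assess(installer, requested):
    """Return reasons to distrust a package; an empty list means none found."""
    reasons = []
    if installer not in TRUSTED_INSTALLERS:
        reasons.append(f"installed from {installer or 'an unknown source'}")
    hits = sorted(p.rsplit(".", 1)[1] for p in requested & SENSITIVE)
    if len(hits) >= BROAD_ACCESS:
        reasons.append("broad access: " + ", ".join(hits))
    return reasons

# Constructed sample output; the package names are made up.
SAMPLE_PM = ("package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.sysupdate  installer=null\n")
SAMPLE_DUMPSYS = "requested permissions:\n" + "".join(
    f"  android.permission.{n}\n" for n in
    ("RECORD_AUDIO", "CAMERA", "READ_SMS", "ACCESS_FINE_LOCATION", "INTERNET")
) + "install permissions:\n  android.permission.INTERNET: granted=true\n"
```

An app that returns both reasons, sideloaded and requesting broad access, matches the pattern described in this article and should be reviewed in Android settings and uninstalled if you do not recognize it.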