Google announced that it is now blocking a newly identified Android malware family called Lipizzan. The company's security specialists identified several malware strains spread through the Google Play store and third-party repositories. The Lipizzan Android malware family contains references to Equus Software, a company that provides technology products for the industry.
Lipizzan Android Malware Family Found on Google Play
Security experts at Google reported a newly identified threat to the Android operating system. The engineers announced the discovery of the Lipizzan malware family, which consists of several malware strains that all originate from a single core engine. According to the analysis done by the experts, it is multi-stage malware that is able to perform different actions as ordered by the criminal operators.
The Lipizzan Android Malware is delivered via counterfeit applications listed as “Backup”, “Cleaner” or other system tools. Delivery is done using a two-stage approach that follows a predefined infection method:
- The infection begins with a loader component that is part of the counterfeit app. It launches a script that downloads the second stage.
- The second stage loads the actual malware engine. The infected device is scanned and sensitive system and user data are extracted. A network connection is initiated with command and control (C&C) servers operated by the criminal operators to notify them of the infection.
While the infection is carried out, the malware engine performs several system checks. If they are passed, the affected devices are rooted using a hardcoded exploit. This allows the malware to perform deep-level system commands as instructed by the attackers. The Lipizzan Android malware has demonstrated the following capabilities:
- Surveillance – Lipizzan allows the criminals to spy on the infected devices in real time.
- Sensitive Data Extraction – The Android malware is able to extract and transmit all kinds of private user data. This includes stored email messages, account credentials, SMS messages, location data, voice calls and all stored multimedia.
- Device Root – The infected devices can be rooted using a built-in exploit.
The Google security team has extracted the full list of affected data: phone calls, VOIP recordings, microphone recordings, exact location data, screenshots, camera photos, device information, hardware specifications of the device, user information, Google apps, LinkedIn, KakaoTalk, Facebook, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber and WhatsApp.
Lipizzan Android Malware Shut Down By Google
According to the Google security team, when the malware was identified and subsequently removed from the Google Play repository there were fewer than 200 affected devices. The identified Lipizzan samples and related apps were removed from the Android repository and all installs were blocked. The list of malicious packages includes the following:
com.safe.datasaver, com.and.goldbackup, com.star.backupstar, com.veramon.backupit, com.app.thunderbackup, com.kopos.nowbackup, com.appnow.backupdroid, com.apptimmus.androidbackuppro, com.app.backupfast, com.app.instantbackup, com.sd.sdbackup, com.app.procleaner, com.app.alarmmanager, com.app.soundrecorder, com.mem.notesplus, com.app.processcleaner, com.kobm.devicecleaner, com.yonni.deviceoptimizer, com.haima.ultracleaner, com.android.mediaserver.
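As an added example (not code from the article or from Google), the following Python script parses the output of `adb shell pm list packages -f` and checks each installed package against the names listed above; it also flags any package carrying a system-style `com.android.` name that was installed under `/data/app` rather than shipped in firmware, which is how `com.android.mediaserver` stands out. The device output embedded below is constructed, not a real capture.

```python
import re

# Package names reported by Google as Lipizzan droppers (copied from the list above).
LIPIZZAN_PACKAGES = {
    "com.safe.datasaver", "com.and.goldbackup", "com.star.backupstar",
    "com.veramon.backupit", "com.app.thunderbackup", "com.kopos.nowbackup",
    "com.appnow.backupdroid", "com.apptimmus.androidbackuppro",
    "com.app.backupfast", "com.app.instantbackup", "com.sd.sdbackup",
    "com.app.procleaner", "com.app.alarmmanager", "com.app.soundrecorder",
    "com.mem.notesplus", "com.app.processcleaner", "com.kobm.devicecleaner",
    "com.yonni.deviceoptimizer", "com.haima.ultracleaner",
    "com.android.mediaserver",
}

# One line of `pm list packages -f` output looks like:
#   package:/data/app/com.example-1/base.apk=com.example
PM_LINE = re.compile(r"^package:(?P<apk>\S+?)=(?P<pkg>[\w.]+)$")

def parse_pm_list(output):
    """Return {package_name: apk_path} parsed from `pm list packages -f` text."""
    found = {}
    for line in output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            found[m.group("pkg")] = m.group("apk")
    return found

def find_suspicious(installed):
    """Flag known Lipizzan package names, plus any package that claims a
    'com.android.' system name but lives under /data/app (a user install,
    not a firmware component)."""
    hits = []
    for pkg, apk in sorted(installed.items()):
        if pkg in LIPIZZAN_PACKAGES:
            hits.append((pkg, "known Lipizzan package name"))
        elif pkg.startswith("com.android.") and apk.startswith("/data/app/"):
            hits.append((pkg, "system-style name installed as a user app"))
    return hits

# Constructed sample output (not a real device capture) for a stand-alone run.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.app.backupfast-1/base.apk=com.app.backupfast
package:/data/app/com.android.mediaserver-2/base.apk=com.android.mediaserver
package:/data/app/com.android.fakesync-1/base.apk=com.android.fakesync
package:/data/app/org.mozilla.firefox-1/base.apk=org.mozilla.firefox
"""

if __name__ == "__main__":
    for pkg, reason in find_suspicious(parse_pm_list(SAMPLE_PM_OUTPUT)):
        print(f"{pkg}: {reason}")
```

On a real device, pipe `adb shell pm list packages -f` into `parse_pm_list` instead of the sample text; a hit should be treated as a lead for further review, not as proof of infection on its own.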
The Google security team recommends that all Android users follow the basic protection guidelines:
- Employ Google Play Protect – The newer versions of the Google Play services include the new safety feature developed by the company, “Google Play Protect”. It actively scans the installed applications for malicious actions and proactively defends against potential threats.
- Trust Only the Google Play Store – Google employs several security mechanisms that severely lower the chance of getting infected with a malicious app if users install software only from its repository.
- Disallow Sideloading of Apps – Android users are discouraged from installing applications downloaded from other sources, as they may contain malicious content.
- Employ the Latest Device Patches – Device owners are encouraged to apply the latest software and operating system updates issued by the manufacturers as soon as possible to prevent potential virus infections or hacker attacks.