Home > Cyber News > Lipizzan Android Malware Could Spy on Users in Real Time
CYBER NEWS

Lipizzan Android Malware Could Spy on Users in Real Time

by   |  Last Update:  |  0 Comments  

Google announced that the company is now blocking a newly identified Android malware family called Lipizzan. The security specialists identified several virus strains that are spread on the Google Play store and third-party repositories. The Lipizzan Android malware family contains references to Equus Software, a company that provides technology products for the industry.

Lipizzan Android Malware Family Found on Google Play

Security experts at Google reported a newly identified threat for the Android operating system. The engineers announced the discovery of the Lipizzan malware family which consists of several virus strains that all originate from a single virus core engine. According to the security analysis done by the experts it is a multi-stage malware that is able to perform different actions as ordered by the criminal operators.
The Lipizzan Android Malware is delivered via counterfeit applications listed as “Backup”, “Cleaner” or other system tools. Delivery is done using a two-stage approach that follows a predefined infection method:

  1. The infection begins with a loader component that is part of the counterfeit app. It launches a script that downloads the second stage.
  2. The second stage loads the actual malware engine. The infected device is scanned, sensitive system is user data is extracted. A network connection is initiated with command and control (C&C) servers operated by the criminal operators to notify them of the infection.

While the infection is carried the malware engine performs several system checks. If they are passed the affected devices are rooted using a hardcoded exploit. This allows the virus to perform deep-level system commands as instructed by the hackers. The Lipizzan Android Malware has demonstrated the following capabilities:

  • Surveillance – Lipizzan allows the criminals to spy on the infected devices in real time.
  • Sensitive Data Extraction – The Android malware is able to extract and transmit all kinds of private user data. This includes stored email messages, account credentials, SMS messages, location data, voice calls and all stored multimedia.
  • Device Root – The infected devices can be rooted using a built-in exploit.

The Google security team has extracted the full list of affected data: phone calls, VOIP recordings, microphone recordings, exact location data, screenshots, camera photos, device information, hardware specifications of the device, user information, Google pps, LinkedIn, KakaoTalk, Facebook, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber and WhatsApp.

Lipizzan Android Malware Shut Down By Google

According to the Google security team when the malware was identified and subsequently removed from the Google Play repository there were fewer than 200 affected devices. The identified Lipizzan virus samples and related apps were removed from the Android repository and all installs blocked. The list of malicious packages include the following:

.com.safe.datasaver, com.and.goldbackup, com.star.backupstar, com.veramon.backupit, com.app.thunderbackup, com.kopos.nowbackup, com.appnow.backupdroid, com.apptimmus.androidbackuppro, com.app.backupfast, com.app.instantbackup, com.sd.sdbackup, com.app.procleaner, com.app.alarmmanager, com.app.soundrecorder, com.mem.notesplus, com.app.processcleaner, com.kobm.devicecleaner, com.yonni.deviceoptimizer, com.haima.ultracleaner, com.android.mediaserver.

The Google security team recommends that all Android users follow the basic protection guidelines:

  • Employ the Google Play Protect Services – The newer version of the Google Play store services include the new safety feature developed by the company “Google Play Protect”. It actively scans the installed applications for any malicious actions and proactively defends against potential threats.
  • Trust Only the Google Play Store – Google employs several security mechanism that severely lower the chance of getting infected with a virus app if the users employ their software repository.
  • Disallow Sidealoading of Apps – Android users are discouraged from installing applications downloaded from other sources as they may contain malicious content.
  • Employ the Latest Device Patches – Device owners are encouraged to apply the latest software and operating system updates issued by the manufacturers as soon as possible to prevent potential virus infections or hacker attacks.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. Remove Android Flashlight Malware This article will help you to remove Android Flashlight malware...
  2. Blackrock Trojan Is a Android Malware Believed to Be Descendant from Lokibot The BlackRock Trojan is one of the newest Android Trojans...
  3. Google’s Latest Android Security Update Fixes 47 Vulnerabilities Google has delivered their last and probably final Android update...
  4. SvPeng Android Malware Spies on Your Banking Services and Your Files A new modification of the Svpeng Android malware has just...
  5. GhostCtrl Android Virus – Spying Users Worldwide Security engineers identified the GhostCtrl Android virus family that has...
  6. Android Virus Ads and Malware Removal Guide Android ads are a growing security problem. There is a...
  7. SLocker Android Ransomware – In-Depth Analysis and Prevention Tips Security engineers discovered that the SLocker Android ransomware family code...
  8. Remove Play-bar.net Redirect Play-bar.net is the web address of a browser hijacker redirect....

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree