Security researchers from Google have uncovered a new form of Android spyware which is capable of monitoring and stealing emails, calls and private messages.
The malware, dubbed Lipizzan, is capable of using the microphone on a smartphone to record calls, take photos with the camera, take screenshots and exfiltrate text messages, as well as extract data from a long list of popular apps.
Google released information about the Lipizzan in a post on its security blog.
According to the post, Google security researchers stumbled across Lipizzan while they were investigating another form spyware called Chrysaor.
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls and media,” Google said.
In total Google’s security researchers found 20 apps in the Google Play Store that were found to contain the Lipizzan spyware. All the apps had unassuming names like “Cleaner”, “Backup”, or “Sound Recorder” Google said. The apps have now been removed from the Play Store and Google’s new Play Protect program has sent alerts to infected devices.
While the origin of the spyware is unknown, Google said its researchers found links to a shadowy organisation called Equus Technology, which deals in cyber arms and hacking tools, in Lipizzan’s code.
Google also said that around 100 devices were infected with the spyware, which suggests it was a very targeted attack.
According to Google, once the infected app was installed on the device it granted itself root access and could be used to take over the microphone and camera, take screenshots and track the victim’s location.
Google said that apps affected by Lipizzan include Gmail, Hangouts, KakaoTalk, LinkedIn, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber, and Whatsapp.
The advice from Google on how to protect yourself from Lipizzan is as follows:
– Ensure you are opted into Google Play Protect.
– Exclusively use the Google Play store. The chance you will install a PHA is much lower on Google Play than using other install mechanisms.
– Keep “unknown sources” disabled while not using it.
– Keep your phone patched to the latest Android security update.