Google detected 20 mobile applications that were secretly stealing and recording users’ private data, and the malicious apps were immediately removed from the Google Play Store.
Malware silently creeping onto Android devices through Google Play Store apps isn’t exactly new, but Google has now become so efficient at detecting malicious apps that it is removing them well before anyone practically installs them. Recently, Google detected a new form of Android spyware called ‘Lipizzan’, which is said to be based out of Israel. Lipizzan is a multi-layered spyware that was spread across 20 different applications, through which the developer monitored and recorded users’ private data such as calls, emails, SMS messages, location and media files.
Luckily, all 20 Lipizzan-infected apps had reached only 100 devices in total, and the applications were killed even before they could be born. Google has also blocked the developers, and all 20 applications have been blocked from the Android ecosystem so that they have no way to show up ever again. It was found that the Lipizzan-infected applications somehow managed to get past Google’s filters and became available for download on the Play Store. These malicious apps used a two-stage infection process, but thankfully they were detected immediately by Google’s new Play Protect feature.
The applications were dangerous because they were capable of recording your calls, taking photos with the device’s camera, and fetching your location, personal details, contacts and media files. They were even capable of retrieving encrypted data from widely used apps like WhatsApp, Telegram and Viber. The two-stage strategy Lipizzan used began with a first step in which the app is distributed as a ‘cleaner’ or ‘backup’ app through Google Play. Once the user installs the app, it directly loads a second ‘license verification’ stage onto the device, which validates the host device against certain abort criteria. The app then proceeds into the second stage and roots the device to exfiltrate the device’s data to a secure server controlled by the developer.
But we need not worry: Google Play Protect will protect us from such malware, and for now, Lipizzan has already been rooted out dead while it was just taking its baby steps. And the Play Store is safe, for now.