Zscaler: Android spyware remains three years undetected in the play store

which has security vendors Zscaler a Android -spyware in the Google play store spotted the there apparently for three years remained . Between an and five has been downloaded millions of times since 2014. The researchers suspect that the app is not detected by antivirus software, since she receive their commands via SMS and not as usual via the mobile Internet.

the spyware called SMSVova is hiding in referred to a system update app that supposedly helps users get new system updates to Android. Instead, she compromised the Smartphone of user and peeks out above all its exact location in real time.

 spyware SMSVova play store (screenshot: Zscaler) on the app, the researchers only became aware by negative reviews of victims. They criticized that the updated app Google’s mobile operating system and instead slows the phone and also the battery consumption increases. Suspected the app was also because their page in the play store contained neither a detailed description and screenshots. There it was said only she update and activate special site functions.

when you first start the app, users are confronted with the error message “Unfortunately the update service has stopped”. Also, the icon of the app from the screen disappears. But the app doesn’t crash – she moved all activity in the background, including a service called MyLocatonService, which determined the last known location of the device.

in addition, the app sets up a function to receive SMS containing the commands for the app. The command “get faq” causes, for example, that protects the spyware with the password “Vova”, which derives their name SMSVova.

after establishing full spyware transmits the location data to their backers. For which the data is used, is, however, unknown. The app was updated most recently in December 2014. Nevertheless she have been further since hundreds of thousands of infected devices, according to the researchers.

the app has now removed from his offer

Google. Zscaler according to it is active but may still be on many devices. That they have received more than two years update, restricts their functionality not likely.

WEBINAR

what next – BB´s storage & co: the enterprise cloud!

get to know the building blocks of enterprise cloud platform in this audio Webinar. Learn how to achieve maximum freedom and flexibility for your applications. More outcome achieved with less input – specific application examples.

[withmaterialfromDannyPalmer ZDNet.com ]

tip : you are an Android expert? Check your knowledge – with 15 questions on silicon.de

Be the first to comment

Leave a Reply