20 apps have been deleted from the Google Play Store after they were found to contain malicious code used to spy on users.
The apps in question monitored users’ email, texts, voice calls, locations, and more, and are said to have been installed on about 100 phones.
By exploiting vulnerabilities to root handsets on outdated versions of the Android OS, the apps – which contained spyware known as Lipizzan – were able to bypass security protections and access restricted user data.
Related: Best Android Apps
As a blog post from Google explains, the apps contained code that would allow them to perform the following functions:
- Call recording
- VOIP recording
- Recording from the device microphone
- Location monitoring
- Taking screenshots
- Taking photos with the device camera(s)
- Fetching device information and files
- Fetching user information (contacts, call logs, SMS, application-specific data)
Information was collected from various other apps, including Gmail, Hangouts, and Messenger, as well as messages from WhatsApp, Telegram, and Viber.
Google says it initially blocked the apps, only to see them return to the Play Store in a similar format with a few changes made.
The apps themselves appear to have been developed by cyber arms company Equus Technologies, and initially posed as utilities for backing up files.
Once they were blocked, the apps began reappearing as “cleaner”, “notepad”, “sound recorder”, and “alarm manager” apps.
As the blog post explains: “Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media. We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem.
Once installed, the apps would begin a second stage involving a licence verification before scanning the device and sending data to a server controlled by the devs.
The company says it has enhanced Google Play Protect’s capabilities to detect the spyware, and lays out some steps to take for users to protect themselves:
- Ensure you are opted into Google Play Protect.
- Exclusively use the Google Play store. The chance you will install a PHA is much lower on Google Play than using other install mechanisms.
- Keep “unknown sources” disabled while not using it.
- Keep your phone patched to the latest Android security update.
What do you make of the latest spyware-packed apps? Tweet us @trustedreviews.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
