Android malware creeping into the Google Play store isn’t exactly a new thing. Infected apps are detected on the store every now and then, and Google removes them even before anyone realizes or is affected. However, Google recently detected a piece of malware that the company felt it must share with its users. Specifically, Google says it came across a new form of Android spyware called Lipizzan, which the company says is somehow linked to an Israeli company working with governments and intelligence agencies across the world.
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media. We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem,” Google wrote in a blog post. Google said the spyware could target applications like WhatsApp, Gmail, Skype, and Telegram.
After detailed research into the malware, the company found that these Lipizzan-infected apps managed to get past Google’s filters and become available for download on the Play Store using a new approach that relies on a two-stage infection process. But thanks to Google’s new Play Protect features, the infection was detected, the Lipizzan apps were removed, and affected devices were notified.
“The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a ‘Backup’ or ‘Cleaner’ app,” Google explains. “Upon installation, Lipizzan would download and load a second ‘license verification’ stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.”
Further, for assurance, Google said that fewer than 100 devices were affected by the malware. That means the malware affected only 0.000007 percent of Android devices. Since Lipizzan was identified, Google Play Protect has removed Lipizzan from affected devices and actively blocks installs on new devices.