Lipizzan, a new spyware family affecting Android devices, is capable of recording through a victim’s device microphone, taking photos with their camera, taking screenshots, exfiltrating SMS messages, and stealing data from a long list of apps.
The spyware was originally discovered by security researchers at Google, who detailed their findings in a Wednesday blog post. According to the post, the researchers found out about Lipizzan while they were investigating another spyware called Chrysaor. In Lipizzan’s code, they found ties to a cyber arms company called Equus Technologies.
Overall, the Google Security team found 20 Lipizzan apps that were targeted at 100 devices, which seems to indicate that the attackers were looking for specific users. The team has since blocked the apps and their developers, and Google Play Protect has alerted the affected devices, the post said.
SEE: The Four Volume Cyber Security Bundle (TechRepublic Academy)
Apps with simple names like “Backup” or “Cleaner” were used to distribute the Lipizzan spyware. Once the app was downloaded, it would install a “license verification” to examine the device for specific criteria before rooting it in order to steal the data, the post said.
If properly initiated, Lipizzan could record calls and VOIP communication, as well as record sounds from the device’s microphone. Additionally, the post noted, it could monitor the victim’s location, take screenshots, take photos with the camera, find and steal device information, and steal other information like call logs and app data.
The post noted that the following apps were affected by Lipizzan: Gmail, Hangouts, KakaoTalk, LinkedIn, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber, and Whatsapp.
Because of Android’s massive market share, the platform is a constant target for hackers. The availability of multiple app stores to Android users, and the less stringent app review process, have contributed to the rise in malware in Google’s mobile ecosystem. This has led some to question whether or not Google will ever be able to fully tackle the malware that plagues Android users.
For users wishing to protect themselves against spyware like Lipizzan, the post recommended opting into Google Play Protect, only using the Google Play store to download apps, keeping “unknown sources” disabled when not in use, and always downloading the latest Android security updates.
The 3 big takeaways for TechRepublic readers
- Lipizzan, a new spyware family affecting Android devices, can record a user’s voice, take photos with your camera, and steal app data and device information.
- Google Security researchers only found 20 apps with Lipizzan, affecting around 100 users in total, suggesting that the spyware was very targeted in its approach.
- Malware is a growing threat to Android users, given the open nature of the operating system and its ecosystem.