This spyware can trick the user into handing complete control of the device to criminals, spy on all of the victim's browsing, and allow personal data and files to be accessed without much effort, including bank and social network information and stored photos and videos.
The threat is distributed as a system update application and must be installed from outside the Google Play Store, in the form of an APK. This makes it difficult for Google to ban it, since most of the responsibility for the installation rests with the user. Once it has full control of the victim's device, the malware is even careful not to consume too much data when transferring files, so that it draws less attention. It connects to a server on Firebase itself, Google's app creation platform, to operate more freely on the system. According to Zimperium, this is one of the most sophisticated pieces of Android malware the company has ever encountered, due to the application's level of complexity and its disguise techniques.
The malware disguised as a system update app even sends notifications to the victim. Source: Zimperium
With information from: Tecmundo