Google blocks ‘Lipizzan’ Android spyware 

A new batch of spyware named ‘Lipizzan’ that could capture users’ text messages, voice calls, location data and photos has been discovered and blocked by Google.
The company, in a blog post, said it discovered a new family of Android spyware while investigating another spyware named ‘Chrysaor’.

Read also:Google adds SOS Alerts to search results, maps

‘Lipizzan’ Android spyware:

• Lipizzan’s code contains references to a cyber arms company, Equus Technologies.
• It is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls and media.
• They have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total.
• In addition, have blocked the developers and apps from the Android ecosystem.
• Furthermore, Google Play Protect has notified all affected devices and removed the Lipizzan apps.
• ‘Lipizzan’ spyware was capable of performing tasks that include taking screenshots, taking pictures with the device camera.
• In addition, recording from the device’s microphone, call recording and location monitoring.
• Lipizzan was a sophisticated two-stage spyware tool.
• The first stage found by Google Play Protect was distributed through several channels, including Google Play.
• Typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” app.
• Upon installation, ‘Lipizzan’ would download and load a second “license verification” stage.
• Furthermore,in which would survey the infected device and validate certain abort criteria.
• If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a command and control serve.