A new batch of spyware named ‘Lipizzan’ that could capture users’ text messages, voice calls, location data and photos has been discovered and blocked by Google.
The company, in a blog post, said it discovered a new family of Android spyware while investigating another spyware named ‘Chrysaor’.
‘Lipizzan’ Android spyware:
- Lipizzan’s code contains references to a cyber arms company, Equus Technologies.
- It is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls and media.
- Google found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total.
- In addition, Google has blocked the developers and apps from the Android ecosystem.
- Furthermore, Google Play Protect has notified all affected devices and removed the Lipizzan apps.
- ‘Lipizzan’ spyware was capable of performing tasks that include taking screenshots, taking pictures with the device camera, recording from the device’s microphone, call recording and location monitoring.
- Lipizzan was a sophisticated two-stage spyware tool.
- The first stage found by Google Play Protect was distributed through several channels, including Google Play.
- The first stage typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” app.
- Upon installation, ‘Lipizzan’ would download and load a second “license verification” stage, which would survey the infected device and validate certain abort criteria.
- If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a command and control server.