Google Discovered a New Malware Lipizzan, Can Access Calls, WhatsApp, Gmail Data
Google has now taken many measures to protect users and to quickly detect and remove such malicious apps. In the search for malware, the Google team keeps making interesting discoveries. Google's security researcher discovered a new malware named "Lipizzan" Trojan, which is relatively unambiguous about a state Trojan, when searching the play store for irregularities.
This was the reason for the team's success because only a very small user group was affected - less than 100 devices - despite the fact that more than 20 apps were infected in the Play Store. In addition, the apps were developed by an NSO Group, a cyber arms company( Israeli cyber arms dealer).
The experts have called the malware as "Lipizzan" Trojan, and have described it as follows: As a first step, safe apps with names such as "Backup" or "Cleaner" can be installed from the Play Store and then, load a second "license verification" stage. With this, they are then able to listen to calls, to permanently switch on the microphone, to capture screen shots, to locate the location and shoot photos.
In addition, the app has features that allow access to data from WhatsApp, Gmail, Snapchat, Skype, and a variety of others. All this without the user's root or user's permission, because a number of operating system vulnerabilities were exploited.
When Google discovered this, they removed the apps from the Play Store and then waited a few days. After just a few days, the same code was found in the Play Store, but this time in other apps with names such as "Notepad", "Cleaner" or "Sound Recorder". In addition, the damaged content in the second stage was now downloaded encrypted, making them even more difficult to find - but Google's team was just warned.
Meanwhile, the new Google Play Protect can also discover these apps and the code and automatically remove such apps from the Play Store. Google has nevertheless informed all concerned users of the possible espionage in the past. In addition, the installation of new apps with this code has been blocked on new devices.