Published On: Sat, Jul 29th, 2017

Google blocks ‘Lipizzan’ Android spyware

San Fransisco: A new batch of spyware named ‘Lipizzan’ that could capture users’ text messages, voice calls, location data and photos has been discovered and blocked by Google.

Lipizzan’s code contains references to a cyber arms company, Equus Technologies

The company, in a blog post, said it discovered a new family of Android spyware while investigating another spyware named ‘Chrysaor’.

Lipizzan’s code contains references to a cyber arms company, Equus Technologies.

It is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls and media.

“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps,” the post read.

‘Lipizzan’ spyware was capable of performing tasks that include taking screensots, taking pictures with the device camera, recording from the device’s microphone, call recording and location monitoring.

Lipizzan was a sophisticated two-stage spyware tool.

The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” app.

Upon installation, ‘Lipizzan’ would download and load a second “license verification” stage, which would survey the infected device and validate certain abort criteria.

If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a command and control server, the post said.

 

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Social Media Auto Publish Powered By : XYZScripts.com