The Google cyber security division has unveiled a new breed of a spyware which has advanced capabilities to perform surveillance on targeted android users. The spyware dubbed Lipizzan once deployed on an android device tracks and records text messages, emails and also records calls. The malware is specially designed to monitor location and capture video and audio from the target’s device.

Google has shared the details of the malware in its blog and stated that, “There were fewer than 100 devices that checked into Google Play Protect with the apps (carrying the Lipizzan malware). That means the family affected only 0.000007% of Android devices. Since we identified Lipizzan, Google Play Protect removed Lipizzan from affected devices and actively blocks installs on new devices. “

This is not the first time that Google has detected spywares that has infected targeted devices through Google Play. In April 2017, Google revealed the technical details of another lethal spyware called Chrysaor that was said to have been developed by NSO Group. Google has also mentioned the details of its latest discovery Lipizzan and has tracked its possible developers as cyber arms company, Equus Technologies. The Lipizzan malware codes apparently contain signatures of its developers and that’s how they were able to track its origins.

Technical details explaining how Lipizzan Works:

There are two stages that define the operational success of the Lipizzan spyware. The first stage relates to implanting the Spyware on a targeted device. In this stage the spyware is distributed through various sources such as Google Play. The spyware is carried across to the targeted device through harmless apps such as Backup or cleaner apps. Once the spyware makes its way to the targeted device it would initiate a second verification stage further surveying the infected device. 

In the second stage all know exploits relating to the device are executed which further leads to capturing mobile data and sending it to the command and control server. The exfiltration stage includes performing the following surveillance tasks:

  • Call recording
  • VOIP recording
  • Recording from the device microphone
  • Location monitoring
  • Taking screenshots
  • Taking photos with the device camera(s)
  • Fetching device information and files
  • Fetching user information (contacts, call logs, SMS, application-specific data)

The spyware also procures user-related data from the following apps:

  • Gmail
  • Hangouts
  • KakaoTalk
  • LinkedIn
  • Messenger
  • Skype
  • Snapchat
  • StockEmail
  • Telegram
  • Threema
  • Viber
  • Whatsapp
Thursday, July 27, 2017 By john