Google security researchers have discovered a new family of deceptive Android spyware that can steal a large amount of user information, including text messages, emails, voice calls, photos, location data, and other files, and spy on users.
Dubbed Lipizzan, the Android spyware appears to have been developed by Equus Technologies, an Israeli company that Google described as a computer vendor in a blog post published on Wednesday.
With the help of Google Play Protect, the Android security team found Lipizzan spyware in at least 20 applications in the Play Store, which infected fewer than 100 Android smartphones in total.
Google has quickly blocked and removed all Lipizzan applications and their developers from its Android ecosystem, and Google Play Protect has notified all affected victims.
For those who do not know, Google Play Protect is part of the Google Play Store app and uses machine learning and app usage analysis to weed out hazardous and malicious applications.
Lipizzan: sophisticated multi-stage spyware
According to Google, Lipizzan is a sophisticated multi-stage spyware tool that gains full access to an Android device in two stages.
In the first stage, Lipizzan is typically distributed by masquerading as a harmless, legitimate-looking application such as “Backup” or “Clean” through various Android app stores, including the official Play Store.
Once installed, Lipizzan automatically downloads the second stage, a “license check” that examines the infected device to ensure that the device is unable to detect the second stage.
Once the verification completes, the second-stage malware would root the infected device using known Android exploits. Once embedded, the spyware begins exfiltrating device data and sends it to a remote server controlled by the attackers.
Lipizzan spyware also collects data from other popular applications
Lipizzan can monitor and steal a victim's email, SMS messages, images, voice calls, contacts, application-specific data, location information, and device information.
Lipizzan can also collect data from specific applications, undermining their encryption. These include WhatsApp, Snapchat, Viber, Telegram, Facebook Messenger, LinkedIn, Gmail, Skype, Meeting Sites, and KakaoTalk.
There is very little information available on the Internet about Equus Technologies, which is believed to be behind Lipizzan. The company’s LinkedIn account description says:
“Equus Technologies is a private company specializing in the development of innovative solutions tailored to security agencies, secret services, and national security organizations.”
Earlier this year, Google found and blocked a dangerous Android spyware called Chrysaor, allegedly developed by the NSO Group, which was used in targeted attacks against activists and journalists in Israel, Georgia, Turkey, Mexico, the United Arab Emirates, and other countries.
NSO Group Technologies is the same Israeli company that built the Pegasus iOS surveillance spyware, initially detected in attacks against human rights activists in the United Arab Emirates (UAE) last year.
How to protect your Android device from Lipizzan Spyware?
We strongly recommend that Android users follow these simple steps to protect themselves:
- Make sure you have opted into Google Play Protect.
- Download and install applications only from the Official Play Store.
- Enable the “App review” setting.
- Protect your device with a PIN or password lock.
- Keep “unknown sources” disabled when it is not in use.
- Keep your device up to date with the latest security patches.