Android malware reaching the Google Play Store is not really something new, as infected apps are being detected on a regular basis, but search giant Google highlights one particular case that it managed to deal with thanks to the recently-released Google Play Protect security feature.
Specifically, Google says it came across a new form of Android spyware called Lipizzan which the company says is somehow linked to an Israeli company working with governments and intelligence agencies across the world.
An in-depth analysis of the malware reveals that apps managed to get past Google’s filters and become available for download in the Play Store using a new approach that relies on two-stage infection process.
“The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a ‘Backup’ or ‘Cleaner’ app,” Google explains.
“Upon installation, Lipizzan would download and load a second ‘license verification’ stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.”
Read more: Google Detects Android Spyware in Play Store, Removes It Before It’s Too Late
Specifically, Google says it came across a new form of Android spyware called Lipizzan which the company says is somehow linked to an Israeli company working with governments and intelligence agencies across the world.
An in-depth analysis of the malware reveals that apps managed to get past Google’s filters and become available for download in the Play Store using a new approach that relies on two-stage infection process.
“The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a ‘Backup’ or ‘Cleaner’ app,” Google explains.
“Upon installation, Lipizzan would download and load a second ‘license verification’ stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.”
Read more: Google Detects Android Spyware in Play Store, Removes It Before It’s Too Late
