Spyware Disguised as System Update Survived on Play Store for Almost 3 Years

Solarquest

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official Google Play Store for at least three years, since 2014, when it was updated the last time.

Google intervened this week, after a report from mobile security firm Zscaler, but by the time Google took it down, between one and five million users had already installed it on their phones.

This happened even if the app's Play Store page looked extremely suspicious, as it featured blank white screenshots and one sentence as its description, reading: "This application updates and enables special location features."

User reviews left on the Play Store page also reflected the app's shady behavior, with Android users complaining the app didn't update their system as promised but simplify disappeared from their screen after they ran it the first time.

New SMSVova spyware was hidden inside the app's code
According to Zscaler researcher Shivang Desai, who analyzed the app's source code in a technical write-up here, the System Update app didn't contain any "system updating" features, but only spyware-like behavior.

Desai says the malware found within, which he named SMSVova, included functionality that set up an Android service and a broadcast receiver.
.....
 
  • Like
Reactions: omidomi and frogboy
frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Spawn said:
You could have hidden treasures buried under your home and go unnoticed for decades. It's sort of the same, except this is spyware.
Click to expand...
I wish this was true, about the hidden treasures under my house. That would be cool. :)
 
  • Like
Reactions: Solarquest and Ink
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Spawn said:
You could have hidden treasures buried under your home and go unnoticed for decades. It's sort of the same, except this is spyware.
Click to expand...
Fetching the dynamite right now. House is built on concrete... for now.

A little worrying that it survived almost 3 whole years though. The spyware, not the house. :eek:
 
Last edited:
  • Like
Reactions: Solarquest and Ink
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
New Update The Google Play Store now lets you download or update three apps simultaneously
Replies
1
Views
199
Android & WearOS
Bot
Bot
silversurfer
    • Like
New Update Google is working on a Download Manager for the Play Store
Replies
1
Views
117
Android & WearOS
Bot
Bot
lokamoka820
    • Like
New Update Google must crack open Android for third-party stores, rules Epic judge
Replies
1
Views
175
Android & WearOS
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top