Recently announced Google Play Protect is already earning it’s keep.
Google discovered a new malware, and this discovery warrants the recent release of Google Play Protect. This malware, named Lippizzan was found on the Google Play Store, and went unnoticed by Google’s Bouncer security system.
The malware went unnoticed because the malware operates in a dual stage method. In the first stage, the infected apps had legitimate code, with no malware for the Play Store’s security to detect. Once the malware was loaded on to a user’s device, the second stage was initiated.
In the second stage, the application would download secondary components disguised as a “license verification”. This second step is where things would go bad for the user. These secondary components would scan the phone, root the phone, and utilize exploit packages.
Among the malicious actions which Lippizzan can do are;
Recording from the device microphone
Taking photos with the device camera(s)
Fetching device information and files
Fetching user information (contacts, call logs, SMS, application-specific data)
Retrieve data from each of the following apps: Gmail, Hangouts, KakaoTalk, LinkedIn, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber, and Whatsapp.
Luckily, Google Play Protect scans and monitors actions of apps in use on users phones, as opposed to the Play Store protections which reads the code of apps, and this malware was quickly found.
There have been two waves of this malware attack so far, showing that the malware creators were aware that their attack had been found, and are attempting to find new ways to bypass Google’s security.
It’s great to see that Google is now taking user security seriously, and great to see that this new process is working.
It’s even greater to know that we BlackBerry user’s wouldn’t need to worry about this malware as it requires root access to the phone. Something which has yet to be obtained on BlackBerry Android phones.