Malware researchers at Google have spotted a new strain of Android spyware dubbed Lipizzan that could exfiltrate any kind of data from mobile devices and use them as surveillance tools.
The Lipizzan spyware is a project developed by Israeli startup Equus Technologies, the company description on LinkedIn reads:
“Equus Technologies is a privately held company specialising in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organisations.”
The experts have found the Lipizzan spyware sample in the wild while investigating other threats, the IT giant used also the recently presented Google Play Protect technology.
“In the course of our Chrysaor investigation, we used similar techniques to discover a new and unrelated family of spyware called Lipizzan. Lipizzan’s code contains references to a cyber arms company, Equus Technologies.” states the analysis published by Google.
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media.”
Google researchers have found at least 20 apps in Play Store which infected fewer than 100 Android smartphones in total, the company classified the infections as targeted attacks.
“We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.” states Google.
Google removed the infected apps from the stores, while Google Play Protect has notified all affected victims.
The Lipizzan spyware is a sophisticated multi-stage spyware that could be used by attackers to gain full access to a target Android device in two phases.
In the first stage, attackers distribute Lipizzan by concealing it as a legitimate app such “Cleaner” through the Android app stores, including the official Play store.
Once the victims have installed the malicious code, it would download and load a second “license verification” stage.
Experts explained that the Lipizzan spyware is able to monitor and steal victim’s email, SMS messages, screenshots, photos, voice calls, contacts, application-specific data, location and device information.
The spyware is also able to collect data from specific apps, including WhatsApp, Snapchat, Viber, Telegram, Facebook Messenger, LinkedIn, Gmail, Skype, Hangouts, and KakaoTalk.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – (Lipizzan spyware, Google)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.