Google has recently removed 20 apps from the Android Play Store that spied on users' devices by recording calls, fetching email and social media information, and taking screenshots, photos and videos.
The family of spyware has been identified by Google as Lipizzan. Its code contains references to a cyber arms company, Equus Technologies.
Earlier this year, Google had identified another spyware called Chrysaor and mitigated the threat. Using the same technique, Google discovered Lipizzan in 20 apps on the Google Play Store, which had been distributed to over 100 devices in a targeted manner.
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” Google stated.
The company has blocked the apps and their developers from the Android ecosystem, and Google Play Protect has notified the infected devices.
“We’ve enhanced Google Play Protect’s capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware,” the company added.
The Lipizzan spyware apps on the Google Play Store impersonated apps like ‘backups’ or ‘cleaners’ and, upon installation and internal verification, ‘would root the device with known exploits and begin to exfiltrate device data to a Command & Control server’.
Threats posed by the Lipizzan Spyware
Once installed on a device, a Lipizzan app could perform the following tasks:
Recording using the device microphone
Taking photos from the device camera
Fetching device information and files
Fetching user information, including contacts, call logs and SMS messages
Social Media and Email Apps Infected by the Spyware