Google security researchers have detected a new family of Android spyware called Lipizzan, a multi-stage spyware product that can monitor and exfiltrate a user’s email, SMS messages, location, voice calls, and media.
The spyware appears to have been developed by a startup company called Equus Technologies. Google Play Protect and the Android security team detected the Lipizzan spyware in at least twenty apps in the Google Play Store, which affected fewer than 100 Android smartphones in total.
According to Google:
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media. We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.”
Lipizzan is a sophisticated two-stage spyware tool. The first stage, detected by Google Play Protect, was spread through various channels, including Google Play, and typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” app. Once installed, Lipizzan downloads and loads a second “license verification” stage, which surveys the infected device and validates certain abort criteria. After that, the second stage roots the device with known exploits and begins to steal the device data and send it to a Command & Control server.
How to protect yourself?
“- Ensure you are opted into Google Play Protect.
- Exclusively use the Google Play store. The chance you will install a PHA is much lower on Google Play than using other install mechanisms.
- Keep “unknown sources” disabled while not using it.
- Keep your phone patched to the latest Android security update.”