Google security experts discovered a powerful new Android malware designed for cyber espionage.
According to security researchers, Lipizzan malware was developed by the Israeli company Equus Technologies. According to the company’s LinkedIn profile, it specializes in creating “individual innovative solutions for law enforcement agencies, intelligence services and organizations to ensure national security.”
Google employees identified 20 applications infected with Lipizzan spyware. Some of them were available on the Google Play Store.
Infected applications use a two-step process to bypass Google Bouncer security checks. The apps contain legitimate code which can’t be identified as malicious. However, once an infected app is installed on a victim’s device, Lipizzan starts to load an additional module under the guise of a license validation process. In fact, this module scans the data stored on the affected device and obtains superuser privileges using various exploits.
Lipizzan can record phone calls and VoIP conversations, take screenshots, use the device’s camera to take photos, collect information about the victim (contacts, call logs, SMS messages, etc.), and extract data from a number of applications, including Gmail, Hangouts, KakaoTalk, LinkedIn, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber and WhatsApp.
Currently, it is still unknown who operates this malware and why the infected apps were added to the Google Play Store.