Skip to main content
  1. Home
  2. Mobile
  3. News

Google shuts down new Android spyware tied to cyberarms company

By

Android spyware
Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

Recommended Videos

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Related

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Editors’ Recommendations

Topics
Brenda Stolyar
Brenda Stolyar
Former Digital Trends Contributor
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
App subscription fatigue is quickly ruining my smartphone
App Store displayed on an iPhone 14 Pro against a pink background

When I first got an iPhone in 2008, I remember checking out web apps, which were basically websites that I would keep bookmarked on the home screen. Every time I opened them up, they somehow didn’t look like I just launched mobile Safari. Eventually, Apple launched the App Store in July 2008, mostly eliminating the need for antiquated web apps.

Since the App Store opened up, we've gotten to see innovative new apps and games that took our iPhones to a completely new level — showing us what our devices were capable of. I was excited to see and hear about new apps for a variety of things, from task managers to camera replacement apps to photo editors to journals and so much more. Games were also making use of the iPhone’s accelerometer and gyroscope sensors, so it wasn’t just always about touchscreen controls.

Read more
App developers get relief from Google tax in one of Android’s biggest markets
Tinder on the GooglePlay App Store.

Just over a week ago, Google was fined approximately $113 million in India for forcing its in-house billing system on developers making Android apps. While the fine was hefty in and of itself, the laundry list orders issued by the Competition Commission of India were the real concern for Google.

The company has now complied with the most controversial directive by removing the mandatory Google Play billing policy for in-app purchases made in India. In an official update, the company notes that it is “pausing enforcement of the requirement for developers to use Google Play's billing system for the purchase of digital goods and services for transactions.”
Why does it matter?

Read more
Google’s Android monopoly finds its biggest challenge, and Apple might be next
Apps screen on the Google Pixel 7.

The Competition Commission of India slapped Google with two hefty fines over anti-competitive strategies that have allowed it to dominate the mobile ecosystem in India. Totaling over $250 million, the penalties reprimand Google for forcing smartphone makers to avoid Android forks, prefer Google’s web search service, and pre-install popular cash cows like YouTube on phones.

Google was also disciplined for forcing its own billing system on developers that allowed the giant to take up to a 30% share of all in-app purchases for applications listed on the app store. Google is not really a stranger to titanic penalties; The EU handed Google a record-breaking fine of approximately $5 billion in 2018 for abusing its dominant market position — a penalty that was upheld in September this year following Google’s appeal.

Read more