Skip to main content
  1. Home
  2. Mobile
  3. News

Google shuts down new Android spyware tied to cyberarms company

By

Android spyware
Image used with permission by copyright holder
Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

Recommended Videos

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Related

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Editors' Recommendations

Topics
Brenda Stolyar
Brenda Stolyar
Former Digital Trends Contributor
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
Google is making it easier for you to find and download Android apps
Google Play on the Oppo Find N2.

Google announced a wide range of features for Android phones at the I/O 2024 developers conference earlier today. However, the event was not all about user-facing changes. The company also revealed a handful of new tricks for developers to showcase their apps effectively while maintaining a vigilant eye on safety.

Among the most important changes -- one that is also going to make life easier for users - is support for more payment options. The most notable of these is support for installment subscriptions, which has already yielded positive results for developers in the early access phase.

Read more
Android phones are about to get a major iMessage feature
Google Messages app on a Pixel 8 Pro, showing an RCS Chat message thread.

Being able to edit sent messages is a popular feature on messaging apps like iMessage and WhatsApp. However, it has yet to arrive to the masses via the Google Messages app on Android phones. Thankfully, that could change very soon.

On X (formerly Twitter), Jhow_kira has shared two screenshots demonstrating how the Google Messages editing feature will work in an upcoming software version. Some Android users, including the X poster, are currently testing this new feature.

Read more
Motorola just launched a new Android phone to take on the Google Pixel 8a
A render of the front and back of the Moto G Stylus 5G (2024).

If you have your heart set on a phone with a stylus, you’re probably familiar with Samsung devices like the Galaxy S24 Ultra and the previous Galaxy S23 Ultra. But there is another company out there that ships phones with a stylus — Motorola. Unlike Samsung’s flagship, the new Moto G Stylus 5G (2024) won’t break the bank thanks to its $400 starting price in the U.S.

The Moto G Stylus 5G (2024) is the latest in a series of midrange stylus-equipped phones that Motorola started releasing in 2020. The latest model keeps up with its predecessors with solid midrange capabilities and, as the name indicates, support for 5G.

Read more