Android users: under no circumstances should you sideload this spyware on your phone!

The software security company Zimperium says that a new and sophisticated malicious Android application, which presents itself as a system update app, can wreak havoc on your phone and your life. The application hands control of your Android phone to malicious actors, who can steal messages, data and images, take photos, read your browser history, record calls and audio, view your WhatsApp messages and much more. That is a serious set of capabilities.

Do not sideload this application on your Android phone!

The System Update app has never been on the Google Play Store, a fact confirmed by Google. The zLabs researchers discovered the app and, after investigating it, found it to be a sophisticated spyware campaign with complex features. Now we know exactly what you are thinking. How long will Pizza Hut take to deliver a green pepper, onion and pineapple pizza? Your second thought is: if the app was never listed on the Google Play Store, how did it get onto your Android phone? The answer is simple, actually. It was installed by sideloading the malicious application from a third-party app store.

After the application is installed, “the device is registered with Firebase Command and Control (C&C) with details such as the presence or absence of WhatsApp, battery percentage, storage statistics, the token received from the Firebase messaging service and the type of internet connection.” The spyware is triggered by several events, such as adding a new contact, receiving a new SMS or installing a new application. The spyware is always looking for something to, well, spy on. If it detects that a phone call is taking place, it records the conversation, adds the updated call log and uploads the data to the command and control (C&C) server as an encrypted ZIP file. To make sure no trace is left behind, the spyware deletes the files as soon as the server acknowledges that they were received.

The data is first placed in several folders in the spyware’s private storage. A characteristic of this spyware is that it always wants fresh data. For example, if the malware is set up to collect a new photo after 40 minutes, that is exactly what will happen. Location data is collected via GPS or over the network, depending on which one has the most recent fix. If the current data is more than five minutes old, the location is collected and stored again.

The spyware creates a fake notification if the infected device’s screen is off when a command arrives via the Firebase messaging service. It also steals thumbnails of images and videos.

There is no doubt that this is a dangerous application. Perhaps the best thing you can do is to avoid sideloading an application called “System Update”. You may also want to stay away from third-party app stores altogether. After all, look at this list of things the malicious application can do:

  • Steal instant messaging messages;
  • Steal instant messaging database files (if root is available);
  • Inspect bookmarks and searches from the default browser;
  • Inspect bookmarks and search history for browsers like Google Chrome, Mozilla Firefox and Samsung Internet Browser;
  • Search for files with certain extensions, such as .pdf, .doc, .docx, .xls and .xlsx;
  • Inspect the clipboard data;
  • Inspect the content of notifications;
  • Record audio and phone calls;
  • Take pictures on a timed basis with the front or rear cameras;
  • Create a list of installed applications;
  • Monitor the GPS location;
  • Steal SMS messages, telephone contacts, images, videos and call logs;
  • Collect device information, such as installed apps, device name and storage statistics; and
  • Hide its icon from the device’s app drawer and menu.

You can see why it is important to avoid this application at all costs.
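Since the article’s one practical point is that this app only ever arrives by sideloading, here is a small triage check a defender can run on a phone. It is an added example, not from the article or from Zimperium: it parses the output of the real `adb shell pm list packages -i -3` command (third-party packages with their installer) and flags anything the Play Store did not install. The sample output below is constructed, as are the package names in it.

```python
"""Flag third-party Android packages that the Play Store did not install.

Run `adb shell pm list packages -i -3` on a connected phone and feed its
output to parse_pm_output(); the constructed sample below uses the same
`package:<name>  installer=<installer|null>` format that pm prints.
"""
import re

PLAY_STORE = "com.android.vending"

# Constructed sample output (package names are made up for illustration).
SAMPLE_PM_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.systemupdate  installer=null
package:com.example.thirdpartystore  installer=com.sec.android.app.samsungapps
package:com.example.fromstore  installer=com.example.thirdpartystore
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_pm_output(text):
    """Return {package: installer} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def sideloaded(packages, trusted=(PLAY_STORE,)):
    """Packages whose installer is 'null' (manual APK install) or not in the
    trusted installer set; pass an OEM store in `trusted` if you rely on one."""
    return sorted(p for p, inst in packages.items() if inst not in trusted)


if __name__ == "__main__":
    for pkg in sideloaded(parse_pm_output(SAMPLE_PM_OUTPUT)):
        print("not installed by the Play Store:", pkg)
```

A package with `installer=null` is the typical footprint of a manually sideloaded APK such as the one described above; review anything flagged before trusting it.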
