Google discovered a spyware program in the Play Store

28 July 2017
Malicious apps on the Google Play Store are nothing new, with new varieties being discovered regularly, but the search giant highlighted one of its latest findings, which it was able to detect and eliminate in time thanks to a new Google Play Protect feature. According to Google, security experts came across a new form of Android spyware called Lipizzan, which was somehow linked to an Israeli company working with governments and intelligence agencies around the world. A closer examination of the finding revealed that the malicious app had been used to infect devices. If it was appropriate, the application gained root access, exploited known vulnerabilities and began to siphon various information about the user from the device and send it to a remote server. Once the device was infected, Lipizzan could record calls and even ambient sounds through a microphone, track location, take screenshots and photos with a camera, and collect information about users (contacts, text messages, application data). Apps like WhatsApp, Gmail, Skype and Telegram could have been targeted by the malware. According to Google, after the first wave of infected apps was blocked, cybercriminals tried to download a second batch, slightly "optimized" to bypass Play Store filters. "Optimization" consisted of changing the names and encrypting the second stage. According to the company, fewer than 100 devices were infected with the new spyware app, which is only 0.000007% of all Android devices. The search giant was able to eliminate the threat in time and prevent further smartphone infections.