There is a newly discovered app that pretends to be a regular system update but, in fact, is a malicious malware that infects your phone and steals all of your data. It also follows your every movement and can access your online search history.

This particular app was discovered by the mobile security firm Zimperium and is simply called “System Update”. Zimperium classified this app as a (RAT) Remote Access Trojan, these kinds of apps typically give full access to hackers to manipulate your device from afar.

“It’s easily the most sophisticated (RAT) we’ve seen,” stated Shridahar Mittal, Zimperium CEO. He also believes that this app is part of a “targeted attack”. He also states that the capabilities of this trojan app are pretty horrifying, it can access absolutely everything in your phone including, your call logs, contacts, your instant messages, database files, whatsapp messages, activate your camera to take pictures as well as your mic to record audio, and last but not least your GPS so it always knows your real time location.

The app’s spying capabilities are activated once the device receives new information. It will look up for new data received such as phone calls, text messages, etc, to then immediately record the conversation and send a report to the C&C server as an encrypted ZIP file. Once this process is completed the app will erase evidence of its own activity, leaving no trace of what it has been doing.

On the bright side, this app has never been offered on Google Play Store and it can only be downloaded through a third party store. This is a good reminder to only download apps from trusted sources to avoid letting your data fall into the hands of some dark web malicious actor.

On the other hand, this shouldn’t give you too much comfort because a recent study done last year showed that the Google Play Store was actually the “main distributor” of dangerous apps for Android. This is not because they lack security but the fact that the store is so big that it’s bound to happen where some bad apples get missed here and there.

Lastly, be extra careful with what you download and take the time to inform yourself about the developer and where exactly the application is coming from.