Google is here again with its latest achievement. This time the new feather in its cap is the discovery and blocking of an insidious Android spyware, Lipizzan. Lipizzan is infamous for tapping and seizing user text messages, emails, voice calls, photos, location, data and other files. It is also known as professional malware, focusing on deep-pocketed countries.
In a recent blog post, Google said that the search for Lipizzan involved sifting through innumerable apps using machine learning, app certificate comparison, and tools that analyze aggregate data from large clusters of mobile data. Google spotted Lipizzan and presented it with mobile security firm Lookout at the Black Hat security conference in Las Vegas. There, all the signs pointed to it being the product of the cyber arms group Equus Technologies.
On this point, Megan Ruthven, one of the software engineers on Google’s Android Security team, stated that the confirmation of Equus Technologies was mainly based on the fact that it was found on devices that had previously been affected by other specialized types of spyware.
What is this Lipizzan?
This is a two-stage spyware attack, meaning that it splits the work of compromising its target into two steps. In the first stage, the attackers distribute innocent-looking apps, with names like ‘Backup’ or ‘Cleaner’, through various Android app stores, including even the official Google Play Store. Once the attackers have succeeded in getting a target to download the malicious app, Lipizzan automatically moves into the second stage. At this point, the app scans the targeted device to ensure that the second stage will not be detected in action. If the check passes, Lipizzan uses known Android exploits to root the device and starts sending data about the victim back to a command and control server.
Android Security gives the assurance that it has blocked all the related developers and apps from Android, and that Google Play Protect, the automatic app-scanning and management feature Android introduced recently, has been successful in removing Lipizzan from all devices. The good part of the story is that the Lipizzan family has affected only 0.000007 percent of all Android devices, according to Google.
But this success does not imply that Lipizzan’s effects have been stopped. Malware of this kind is expensive to develop or purchase, and is mostly resorted to by well-funded criminal actors or nation-states to keep a check on high-profile targets. Such tools are not really meant for widespread surveillance, so in that respect, more scale makes them more easily identifiable. Lipizzan is similar to earlier malware, such as Lookout’s discovery of Pegasus on iOS and Chrysaor on Android.
The Pegasus and Chrysaor research mentioned above is still evolving, and the techniques used to identify new targeted spyware apps are leading to the discovery of new spyware such as Lipizzan. Users might not end up in the targeted 0.000007 percent, but owing to the far-reaching effects of these apps, it’s better to be safe than sorry.