There are people who just want to see the world burn, and then there are those who want to prey on the weak-minded and uninformed. We can’t do anything about the former, but by the Android gods we will inform you about these malicious tricks. Like this SMSvova spyware posing as a “System Update” app on Play Store.
This “System Update” listing on the Play Store was immediately suspicious to Android security outfit Zscaler. First off, it was showing blank screenshots, which is very uncommon. And then, there was no proper description for the app. The “System Update” title was supposed to fool people that it would provide them with latest Android release. Sadly, nearly 8,000 people were misled.
The app, upon inspection, will set up its own “MyLocationService” for fetching last known location, and an “IncomingSMS (Receiver)” which scans for incoming SMS messages. There’s a way to hack the phone by allowing the service to set up its own password, and access is given to the SMS part of the device from there.
Google, as of time of writing, has removed the app from the Play Store, which is a great thing. Some people won’t be fooled by anything like this – updates for your phone will arrive via official channels. But there are still a lot of people – nearly 8,000 is still a lot – who were misled by this. Be informed, protect your Android device.