Despite Google's best efforts to protect its users who download apps from its Play Store, some malware inevitably slips through the cracks. While it might be easy to assume that most of that malware is found in obscure software that people shouldn't be downloading anyway, this latest case is proof that if malware does manage to get through, it could impact millions of people.
ThreatLabz, the threat-hunting team at research firm Zscaler, recently discovered an app on the Play Store that included the Android spyware SMSVova. Looking at the image below, it's hard to imagine why anyone would fall for such an app. Yet millions of people downloaded this tool, which promised to update their device.
Simply called "System Update", the app seemed really popular with owners of older phones that no longer receive updates. From that perspective, it's easier to understand why some would try their luck. Not everyone knows that post-support updates will have to come by way of rooting; a simple app download isn't going to accomplish much.
SMSVova, as its name suggests, impacts the SMS system, and seemingly nothing else. Its purpose is to fetch the user's geolocation, which could lead to a number of malicious scenarios.
Once the System Update app is installed, it fails to run from the get-go and then hides itself. In actuality, the crash means nothing: the spyware gets installed immediately. From that point on, the attacker can send a simple SMS message ("get faq") to the affected user, and is then able to run certain simple commands, including protecting the spyware with a password.
It's not entirely clear what the purpose of this spyware is, but it's beyond creepy. Anyone who's installed the System Update app should consider wiping their entire phone and starting fresh, because removing the app would likely require rooting the phone, and the steps involved enter power-user territory. Further, always use extreme discretion when downloading apps from developers you've never heard of. This incident is proof of just how possible it still is to get malware onto the Play Store.