The family of spyware has been identified by Google as Lippizan. Its code contains references to a cyber arms company, Equus Technologies. Earlier this year, Google had identified another spyware called Chrysaor and mitigated the threat. Using the same technique, Lippizan was discovered in 20 apps on Google Play Store which had been distributed to over 100 devices in a targeted manner. “Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” Google stated. The apps and developers of the apps have been blocked by the company from the Android ecosystem and the devices infected have been notified by Google Play Protect. “We’ve enhanced Google Play Protect’s capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware,” the company added. The Lippizan spyware apps on Google Play Store impersonated apps like ‘backups’ or ‘cleaners’ and upon installation and internal verification, ‘would root the device with known exploits and begin to exfiltrate device data to a Command & Control server’.
Threats posed by the Lippizan Spyware
Once installed on a device, a Lippizan app could perform the following tasks:
Call recordingVOIP recordingRecording using the device microphoneLocation monitoringTaking screenshotsTaking photos from the device cameraFetching device information and filesFetching user information including contacts, call logs, sms.
Social Media and Email Apps Infected by the Spyware
GmailHangoutsKakaoTalkLinkedInMessengerSkypeSnapchatStockEmailTelegramThreemaViberWhatsapp
Google has been increasingly trying to make the internet a safer place for all its users, be it on Android or G Suite and across other services offered by the company. Towards that end, earlier this month Google rolled out additional security features which would protect users against unverified apps. The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.