Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

Google takes down Android app that let hackers control your phone through SMS

Add as a preferred source on Google

An internet security company has published its findings on an Android app that contained spyware controlled via text messages. Researchers at Zscaler have determined an app suspiciously titled “System Update” gave attackers the ability to execute commands on a remote device and receive its location data. The app — which was just deleted on Google Play Store — had been available for the last three years, and was listed as having been downloaded anywhere from 1 million to 5 million times.

The reviews all indicate users had been installing System Update believing, unsurprisingly, that it would update the version of Android on their device. Instead, when opened for the first time, the app would display the standard system error message — “Unfortunately, System Update has stopped” — and remove itself from the app drawer.

Recommended Videos

This would activate the spyware, named SMSVova, and set things into motion. SMSVova fetches the user’s location data and begins reading text messages, looking for an SMS message that reads “get faq.” If another device texts “get faq” to the infected party, the latter will automatically respond with a list of commands. By texting these commands to the affected device, the attacker could remotely lock the phone with a password or even issue fake low-battery warnings.

At this point, the attacker is given total access to the coordinates of the infected phone. Although the app is no longer available to download from Google’s marketplace, Zscaler reports it found the code living in another remote access program, called DroidJack.

There is of course no shortage of ways in which an unscrupulous hacker could gain access into your phone, especially with the help of user-installed software. But this is certainly one of the more interesting methods. It’s also quite frightening, considering it gives the attacker so much power through the seemingly harmless and unsophisticated medium of text messages. Then again, in light of the deadly string of emojis that can incapacitate an iPhone, perhaps we shouldn’t be so surprised.

Adam Ismail
Former Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
The Fold 8 Ultra could finally get Samsung’s best cameras
Better low-light, Video LUT, dual recording, and S26 Ultra-grade resolution.
Electronics, Speaker, White Board

The biggest complaint about every Galaxy Z Fold, even the Fold 7 that launched last year, has been the same one: great phone, mediocre cameras. 

Samsung has always reserved its best camera hardware for the Galaxy S Ultra line, leaving Fold buyers with a somewhat compromised experience. According to a new leak, the Galaxy Z Fold 8 Ultra could change that.

Read more
Apple’s foldable could arrive on schedule as Foxconn hires temporary workers to ramp up production
The iPhone Ultra production math is wild, and the deadline pressure is real.
Electronics, Phone, Mobile Phone

Apple's first foldable iPhone is officially in mass production, and Foxconn is throwing everything it has at the ramp to achieve the required numbers. 

What caught my attention in the latest supply chain reports is not just the scale of the hiring campaign, but the pace at which workers are being brought on.  

Read more
INIU SnapGo Air review: A versatile power bank that I don’t dread carrying every day
A compelling blend of fast Qi2.2 charging and portability that's easy to fit in your jeans pocket.
holding charger in hand

View at INIU shop

Quick Review

Read more