Skip to main content

Google shuts down new Android spyware tied to cyberarms company

Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

Recommended Videos

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Brenda Stolyar
Former Staff Writer, Mobile
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
Google’s latest Android tools will protect you from a wider range of scams
Scam alert on Android phones.

Over the past few years, Google has released a host of safeguards for calls, messages, and web browsing that increasingly use AI to protect smartphone users from scams. Ahead of the I/O 2025 developers conference, Google has now detailed the next wave of safety features coming to Android devices this year. 

Bad actors often trick users into disabling the built-in safeguards, such as Google Play Protect, sideloading malware apps, and enabling permissions that allow data theft. Google says the next-gen safety features in Android will aim to negate these attacks. 

Read more
From Android 1.0 to Android 16: How Google’s mobile OS has evolved since 2008
Android 16 logo on Google Pixel 6a kept on the edge of a table.

Google I/O 2025 will be livestreaming next week, and software developers from Google are expected to unveil Android 16, which is slated to come out before the summer. The upcoming Android software update is expected to bring a host of new features as well as some returning mechanics from a decade ago.

To hold our excitement for the upcoming conference over, we're going to take a stroll down memory lane with a complete history of Android, from its humble beginnings as a T-Mobile-exclusive mobile tech to an AI-advanced software to grace contemporary smartphones like Google Pixel 9 and Samsung Galaxy S25. Android has come a long way since 2008, and it has a long way to go to be the best mobile software for everyone. That being said, here's a full timeline of Android's evolution.

Read more
Google Chrome is getting an AI-powered scam sniffer for Android phones
Scam warning from Chrome on Android.

Google’s Chrome browser has offered a rich suite of privacy and safety features for a while now. Take, for example, Enhanced Safe Browsing, which was introduced back in 2020. It protects users against unsafe websites and files by using real-time threat detection. 

Three years later, Google switched it from an opt-in mode to a default safety protocol to guard users against phishing attacks, bad extensions, and malicious downloads. Now, the company is deploying its Gemini Nano AI to safeguard smartphone users against potential online scams, especially those hiding as a tech security warning on webpages.

Read more