Skip to main content
  1. Home
  2. Mobile
  3. Android
  4. News

Google shuts down new Android spyware tied to cyberarms company

Brenda Stolyar
By

Android spyware
Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Editors' Recommendations

Video-editing app LumaFusion to get a Galaxy Tab S8 launch

A tablet featuring the LumaFusion video editing app.

How AR glasses are going from niche gadget to smartphone replacement

A man tries out AR glasses.

Switching from iOS to an Android phone just got way more convenient

Pixel 6 Pro and iPhone 13 Pro.

Pixel 7: Everything we know about Google’s 2022 flagship

A variety of Google Pixel 7 and Pixel 7 Pros sit on a purple background.

15 ways smartphones transformed life as you know it

Man using an iPhone 13 Pro.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Best Nest Thermostat deals for June 2022

amazon slashes prices on google nest smart thermostats for black friday thermostat e 1

Best refrigerator deals for June 2022

best refrigerator deals whirlpool

Best refurbished iPhone deals and sales for June 2022

An iPhone 13 in white color option.

The best video games of June 2022: TMNT, Fire Emblem, and more

An image of the TMNT in Teenage Mutant Ninja Turtles: Shredder’s Revenge.

Best refurbished iPad deals and sales for June 2022

Woman Using 2021 iPad Pro 11-inch

Best Prime Day Deals 2022: More early deals just landed

Prime Day Deals 2021.

6 ways Samsung can make cheap (and good) folding phones

The Samsung Galazy Z Fold 3 and Z Flip 3.