Skip to main content

Google shuts down new Android spyware tied to cyberarms company

Android spyware
Image used with permission by copyright holder
Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

Recommended Videos

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Brenda Stolyar
Former Digital Trends Contributor
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
Google Lens and Google Pay are about to get more helpful for holiday shopping
The new Google Wallet app running on an Android phone.

The holiday season is upon us, and that probably means you’ll be doing a lot of shopping in the coming weeks. Google is doing its part to help make that shopping experience a bit easier, especially if you want to do some in-person shopping rather than online, with some new features hitting Google Lens and Google Pay ahead of the holidays.
Shop better through Google Lens

According to Google, Google Lens performs about 20 billion visual searches each month, and about 20% of those are shopping-related. Today's update helps make Lens more useful by giving you insights tailored to the store you are currently in so you can make informed decisions.

Read more
I tried a new Android phone that puts some of the best smartphone cameras to shame
The rear camera setup on the Oppo Find X8 Pro.

It’s been a few years since I was surprised by a smartphone camera’s zoom performance. With Samsung offering 100x zoom on its Galaxy S Ultra lineup, little has shocked me with smartphone cameras — until now.

The Oppo Find X8 series is the successor to the Find X7 series from last year, and alongside several other improvements, there’s also been a significant upgrade in one area: the 30x zoom. Oppo and OnePlus have great cameras at shorter zoom distances, and at a recent briefing, I discovered that we can now add the 30x zoom to the list.

Read more
Google Gemini is about to get a big upgrade for iPhone users
Person holding a phone with Google Gemini Live being shown.

Google Gemini, launched earlier this year for Android and iOS devices, has up until now only been available as a standalone app for Android users. In contrast, Apple users have had to access Google Gemini through the Google app. However, this situation is about to change.

As noted by 9to5Mac, at least one Apple user in the Philippines has been able to download the Google Gemini app from the App Store. However, it hasn’t appeared in other App Stores worldwide, including in the U.S.

Read more