Skip to main content

Google shuts down new Android spyware tied to cyberarms company

Android spyware
Image used with permission by copyright holder
Google on Wednesday discovered a new Android spyware named Lipizzan that can watch over and capture all activity on your phone — from phone calls to apps. Google took to its Android Developers blog to let users know the spyware has since been blocked, and that references to a cyberarms company called Equus Technologies were found in the spyware.

In April, Google found a similar spyware called Chrysaor that was believed to be written by another cyberarms company — NSO Group. Once installed, it would allow hackers to spy on the same information as Lipizzan — text messages, emails, and voice calls —  as well as the keys you typed on your device. Google was calling it “one of the most sophisticated and targeted mobile attacks” seen yet.

While researchers noted that no apps with Chrysaor were discovered on the Google Play store, Lipizzan had different results. On the blog post, Google explained the latest spyware was distributed through the Play Store in the form of what looked like a harmless “backup” app. Once installed, Lipizzan would download and enter a second stage called “license verification” to scan the infected device. If given permission to proceed, the spyware roots the device with known Android exploits and begins to send data from the device to a command and control server.

Using techniques similar to those used to find and block Chrysaor, Google managed to block the first set of apps on Google Play, but new apps were subsequently uploaded using a similar format. Instead of being marked as backup apps, they were labeled as cleaner alarm manager or sound recorder apps instead and uploaded within a week of the first set being taken down. Thecompany was still able to spot the new set of apps not too long after they were uploaded.

There were less than 100 devices that checked into Google Play Protect, created by the company that scans your device to keep it safe along with your data and apps. This means the spyware only affected an extremely small number of Android devices — 0.000007 percent to be exact. Since finding Lipizzan, Google Play Protect has removed it from any affected devices and is blocking the installs on new ones.

To make sure your own device is protected from Lipizzan, Google urges users to make sure they have opted into Google Play Protect. They should also download exclusively from the Google Play store and keep “unknown sources” disabled while not using it. Lastly, keep your phone up to date with the latest Android security update.

Editors' Recommendations

Brenda Stolyar
Former Digital Trends Contributor
Brenda became obsessed with technology after receiving her first Dell computer from her grandpa in the second grade. While…
Google just announced 10 huge updates for your Android phone
The Home Screen on the Google Pixel 8 Pro.

Google I/O, the annual everything-Google-software fest, has kicked off. As usual, Android takes center stage. From enhanced privacy and Google Wallet upgrades to theft detection and app safety checkups, there’s a lot to look forward to here.

From Android 15 features to more general Android updates, here’s a breakdown of all the major Android announcements from I/O 2024.
Making life easier with Google Wallet

Read more
Did you buy a Google Pixel 8a? These are the first 9 things you need to do
Google Pixel 8a in Aloe.

Ahead of Google I/O 2024, Google revealed the Google Pixel 8a, and it’s turning out to be one of the best phone values in a while. It boasts a beautiful OLED display that now sports a 120Hz refresh rate, the Tensor G3 chip, Gemini Nano, a larger battery, wireless charging, and a refreshed design with some fun new colors. In short, there's a lot to dig into.

There is definitely a lot to like about the Google Pixel 8a, and as such, we don't blame you if you aren't sure where to start. If you just picked one up, then make sure you do these things first!
Turn on Smooth Display

Read more
Google is making it easier for you to find and download Android apps
Google Play on the Oppo Find N2.

Google announced a wide range of features for Android phones at the I/O 2024 developers conference earlier today. However, the event was not all about user-facing changes. The company also revealed a handful of new tricks for developers to showcase their apps effectively while maintaining a vigilant eye on safety.

Among the most important changes -- one that is also going to make life easier for users - is support for more payment options. The most notable of these is support for installment subscriptions, which has already yielded positive results for developers in the early access phase.

Read more