A basic fact that Android users should know about their devices is that system updates come automatically and do not require the download and installation of any tool or application.
This is something that millions of users seem to have been unaware of, as in the process of receiving the latest software updates, they fell victim to a well-planned scam by downloading an Android application with spyware.
According to Zscaler security researchers, the "System Update" application was available as a legal app in the Google Play Store. The app falsely promised access to the latest software updates Android (something of course that can not be achieved through any third party application).
Most troubling is that the malicious app had been on the Google App Store since 2014, numbering more than 1 to 5 million downloads.
The application has now been removed from Play Store, but it is estimated that in a period of 3 years it managed to cause great damage, infecting millions of devices with spyware.
Among the possibilities of the malicious application was the monitoring of the exact geographical location of the victims (geolocation), something that could be used for a wide range of malicious activities.
"The application is displayed as a system update (System Update) and sending location information to third parties is not mentioned in its description", points out the Zscaler .
According to the comments of the users who had downloaded the application, after launching it, the following message appeared: "Unfortunately, System Update has stopped", and then it stopped working.
This does not mean that the application really stopped working. Instead, the spyware created a new Android service and ran in the background, retrieving user location information (geolocation) and scanning for any new incoming SMS messages.
According to the researchers, when the application detected a message with the command "get faq" (which was sent by criminals) then the execution of an additional series of malicious commands began.