Fake Android Updates: A Growing Problem
The number of Android apps infected with malware keeps climbing. According to reports, millions of devices have been compromised by malicious apps downloaded directly from the Play Store. One strain of banking malware has even put users across Europe at risk. Hackers are constantly looking for new ways to get into your device, sometimes relying on surprisingly simple tactics to trick their targets.
Morpheus: Spyware Hiding as an Update
In a recent report, Osservatorio Nessuno drew attention to Morpheus, a new piece of malware whose name could be a subtle reference to the Matrix movies. The installation method is almost effortless: the malware is hidden inside an app that seems legitimate, supposedly offering an ordinary update. But once installed on an Android phone, the app unleashes Morpheus, which starts collecting huge amounts of data from the device without the user’s knowledge. Because Morpheus is simple and costs little to deploy, researchers labeled it a “low-cost spyware.”
Zero-Click Attacks Target Users
Security researchers have also warned about more advanced attack strategies. In one scheme, attackers reportedly collaborate with mobile operators to cut victims' mobile data. The user then gets a text message urging them to install a necessary update to restore data access. If the victim follows the instructions, the downloaded malware can take over the device screen, interact with apps, and even mimic popular apps like WhatsApp. After the device restarts, the malware imitates WhatsApp and asks the user to confirm their identity with biometric data, potentially giving attackers full control of the account.
Repeated Attacks on WhatsApp
This isn’t the first time malware has targeted WhatsApp, the popular Meta-owned messaging app. Earlier this month, Meta had to issue an emergency warning to users affected by malware that was reportedly stealing all of their personal data.