SMSVova

SMSVova is a SMS-controlled Android Spyware found in the app named “System Update.” The app was available on the Google Play Store for at least three years, bypassing Google security restrictions, with to one and five million installs. The app claimed to give users access to the latest Android software updates but instead spied on its user. The malware contains an Android service - used to record the user's last known geolocation coordinates, and a broadcast receiver - used to read the victim's incoming SMS messages. The attacker can send SMS commands to the infected device to change the user's password and report the user's current location.

Technical Details:

  • Zscaler provides technical analysis of SMSVova here.
  • BleepingComputer provides technical analysis of SMSVova here.