Israel is Targeting Android Users with SMS Tracking Software

Israel is Targeting Android Users with SMS Tracking Software

Israel’s name keeps popping up in security reports on Android. Specifically, companies in Israel – and the Israeli intelligence community – have been accused of creating SMS tracking software targeted at Android users.

In April, Google claimed that it had found “the most dangerous Android malware ever seen” when they uncovered a spyware created by NSO Group, an Israeli surveillance company described by Forbes as “The most advanced producer of mobile spyware on the planet.” The malware worked in a similar way to the infamous Pegasus SMS tracking software for iOS.

Now, this past week, Google found another malware targeted towards its Android operating system.

Google claims they believe this new malware may also be the product of the Israeli surveillance community. They’ve called the malware Lipizzan, and traced it back to an Israeli tech startup named Equus Technologies.

The malware appears to be highly targeted. According to Google, the malware has been spotted on fewer than 100 phones.

The malware was only discovered when Google took a closer look at a phone infected with the NSO Group’s malware we mentioned above.

The Malware Silently Stole Microphone Data, Photos, and Other Private Data

“Lipizzan was a sophisticated two stage spyware tool”, explains Google in a blog post published earlier this week.

“The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a “Backup” or “Cleaner” App.”

The malware also appeared to initially fool Google Play Protect’s security platform.

After the innocent-sounding app was installed, Lipizzan would download a “license verification” platform. That second stage would begin exploiting the phone and sending device data to a Command & Control server.

The data included a surprising amount of information from the Android, including:

  • Call recording
  • VOIP recording
  • Activating the phone’s microphone to record any noise
  • Location monitoring
  • Silent screenshots
  • Activating the phone’s camera to silently take photos
  • Fetching device information and files
  • Fetching user information, including contacts, call logs, and app data
  • Stealing SMS messages and sending them to a remote server

The malware sent all of this data to remote servers, explains Google. The malware also had specific processes installed to steal data from popular apps. Modules were found to target Gmail, Hangouts, Messenger, Skype, LinkedIn, Snapchat, Viber, and WhatsApp, for example – so even if you sent messages through these apps instead of SMS, you might not be safe.

Who is Equus Technologies and Why Are They Making SMS Trackers?

Google traced the malware back to a mysterious company called Equus Technologies. That company appears to be based in Israel. Google claims the company is a cyber arms company. Based on information online, Equus is located in Tel Aviv and develops “tailor made active cyber solutions for law enforcement, intelligence agencies, and national security organizations”, according to their LinkedIn profile.

Ultimately, Israel’s intelligence services are famous worldwide for their tracking software. It’s no surprise to see that Israel – or at least, Israel-based companies – have developed advanced SMS and Android tracking software.