Skip to content

Fraudulent system update app hacks information on mobile

TTO – Cybersecurity experts have identified an application labelled System Update, with over 1 million download on Google Play, turning out a SMSVova spyware. This spyware hacks information on mobile device.

Fake “System Update” - Screenshots

The spyware tricked mobile users into downloading “System Update” on Play Store, and posed that users run this app to update and upgrade the new version of Android.

Posed on Google Play, this application helps upgrade new version of Android – Image: Zscaler Labs

In reality, once it is downloaded and run, SMSVova is enabled and "Sorry, Update Service has stopped" message appears. Then, the application automatically shuts down and hide itself from the main screen.

But since then, SMSVova secretly run on your mobile phone, it automatically turns on MyLocation Service and control SMS script of the phone.

MyLocation Service feature is turned on – Zscaler Labs


This is coded to search for incoming SMS with a specific syntax, which contains "vova-" and scans a message containing "get faq." - Photos: Zscaler Labs


Once the spyware has been installed on the victim's device, a hacker is able to send a "get faq" SMS to the victim’s phone number - Image: Zscaler Labs

By that way, hackers are able to control this spyware and locate exactly infected mobile devices. Also note that current antivirus softwares cannot detect SMSVova.

It is yet unclear hackers’ ultimate goal, but clearly that stealing information of location on mobile devices certainly serve malicious purposes. In addition, this vulnerability enables the hackers to install other malicious codes.

The “System Update” with SMSVova spyware was launched on Google Play in 2014. It was removed from Google Play right after Zscaler researchers detected and warned Google in private. However, “System Update” still exists somewhere on other app stores. So, be aware when downloading System Update with suspected signs.