Android users are being warned to treat routine-looking system updates with caution after reports highlighted Morpheus, a spyware threat that disguises itself as a harmless Android update while collecting large amounts of user data from infected devices.
The threat was highlighted by Italian digital rights group Osservatorio Nessuno, according to the visible report. The malware is said to hide inside an app that appears legitimate and presents itself as offering an ordinary update. Once installed on an Android phone, it begins gathering data without the user’s knowledge.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Fake Updates Become a Malware Route
The report says malware-infected Android apps continue to pose a growing risk, with millions of devices reportedly compromised by malicious apps downloaded directly from the Play Store. It also notes that banking malware has placed users across Europe at risk.
Hackers rely simple tactics to gain access to devices. In the case of Morpheus, the method appears to involve persuading users to install what they believe is a standard update. The spyware as “low-cost” because of its simplicity and minimal deployment cost.
Morpheus Disguised as a Legitimate App
Experts refer Morpheus as a new malware whose name may be a subtle reference to the Matrix movies. The installation process is described as almost effortless, with the malware concealed inside an app that appears to be legitimate.
After installation, Morpheus reportedly begins collecting large volumes of information from the device. The report does not specify the full range of data collected, but it says the spyware operates without the user’s knowledge and is capable of stealing vast amounts of user data.
Researchers Warn of Zero-Click Tactics
More advanced attack strategies have been deployed involving zero-click methods. In one described scheme, attackers allegedly collaborate with mobile operators to cut victims’ mobile data, after which users receive a text message urging them to install an update to restore access.
If the user follows the instructions, the downloaded malware can reportedly take control of the device screen, interact with apps and imitate popular services such as WhatsApp. After the device restarts, the malware may mimic WhatsApp and ask users to confirm their identity through biometric data, potentially giving attackers control of the account.
WhatsApp has been targeted by malware before. Earlier in the month, Meta issued an emergency warning to users affected by malware that was reportedly stealing personal data.
