Android malware found linked to Russian attackers capable of recording audio and tracking your location

Security researchers have discovered and detailed a new Android malware that records audio and tracks location once it is installed on a device. The malware uses the same shared hosting infrastructure previously used by a Russian hacking team known as Turla. However, it is not clear whether Russian government support is directly related to the newly discovered malware. It arrives as a malicious APK file that works like Android spyware and performs actions in the background without giving users any clear indication.

Researchers at Lab52, a threat intelligence company, identified the Android malware, called Process Manager. Once installed, it appears in the device’s app drawer with a gear-shaped icon, disguised as a preloaded system service.

The researchers found that the app asks for a total of 18 permissions when first launched on the device. These permissions include access to the phone’s location, Wi-Fi information, the ability to take photos and videos with the built-in camera, and the voice recorder to record audio.

It’s not clear if the app obtains permissions by abusing the Android accessibility service or tricking users into granting them access.

After the malicious application is first launched, its icon is removed from the app drawer. However, the app keeps running in the background, and its active state is shown in the notification bar.

The researchers noticed that the app configures the device based on the permissions it receives and then starts running a list of tasks. These include gathering information about the phone it is installed on, as well as recording audio and collecting information such as Wi-Fi settings and contacts.

For audio recording in particular, the researchers found that the application records audio from the device and extracts it in MP3 format to the cache directory.

The malware collects all the data and sends it in JSON format to a server located in Russia.

Although the exact source from which the malware enters devices is unknown, the researchers found that its creators abused the referral system of an app called Roz Dhan: Earn Wallet Cash, which is available for download on Google Play and has over 10 million downloads. The malware is said to download the legitimate app, which ends up helping the attackers install it on the device and profit from its referral system.

This seems relatively uncommon for spyware, as the attackers seem to be focused on cyber espionage. As Bleeping Computer notes, the app’s strange behavior of downloading an app to earn commissions from its referral system suggests that the malware may be part of a larger system that has yet to be discovered.

That being said, Android users are advised to avoid installing unknown or suspicious apps on their devices. Users should also review the permissions they grant to apps, to restrict third parties from accessing their hardware.
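One way to apply that permission review before installing an APK is sketched below. It is an added example, not code from the Lab52 report or from this article: it reads a decoded AndroidManifest.xml and flags apps whose requested permissions span several of the capability groups described above. The mapping to permission names, the threshold of three groups, and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the capabilities the article names to standard
# Android permission strings; the article does not list the 18 permissions.
CAPABILITIES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "wifi_info": {"android.permission.ACCESS_WIFI_STATE"},
    "camera": {"android.permission.CAMERA"},
    "audio": {"android.permission.RECORD_AUDIO"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def requested_permissions(root):
    """Return the set of permission names declared in a decoded manifest."""
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags)
    return {n for n in names if n}

def triage(manifest_xml, threshold=3):
    """Flag a manifest for review when it spans >= threshold capability groups."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    hits = sorted(cap for cap, names in CAPABILITIES.items() if perms & names)
    return {"package": root.get("package"), "permission_count": len(perms),
            "capabilities": hits, "review": len(hits) >= threshold}

def build_manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    lines = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                    for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

# Constructed samples: one broad permission set, one narrow one.
SAMPLE_BROAD = build_manifest("com.example.sample.tool", [
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_WIFI_STATE",
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "INTERNET"])
SAMPLE_NARROW = build_manifest("com.example.sample.torch", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(triage(sample))
```

A flagged result is a prompt for manual review, not a verdict: many legitimate apps request several of these permissions, so the capability list matters more than the boolean.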
