Android users targeted by a new unidentified spyware

April 12, 2022

Researchers have discovered a previously unidentified Android spyware that targets Android users to steal their essential and critical information.

Researchers explained that the spyware's infrastructure is identical to that of a Russian threat group known as Turla. However, they cannot yet attribute the spyware campaign to the Russian-speaking group because they still lack sufficient evidence.

Recently, experts spotted a malicious APK named Process Manager that behaves like Android spyware. The spyware is highly intrusive: it can steal valuable information such as recordings, event notifications, logs, and messages.

The spyware then sends the stolen information in JSON format to the command-and-control server at 82[.]146[.]35[.]240.

Furthermore, after installation, the malicious APK tries to hide on the infected device behind a gear-shaped icon, impersonating a system component or a settings button that does not function.

On its first launch, the application prompts the targeted user to grant it more than 15 permissions. These include access to fine location, coarse location, WiFi status, network status, write external storage, and camera.
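The traits described above (a system-sounding name and a long permission list that includes location, WiFi, network, storage and camera access) can be turned into a quick triage check for sideloaded APKs. The following is an added example, not the researchers' tooling: it assumes the input is text produced by `aapt dump badging`, and the label pattern, trusted package prefixes and sample data are assumptions constructed for illustration.

```python
import re

# The six permissions the article names, as Android manifest constants.
ARTICLE_PERMS = {"android.permission." + p for p in (
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_WIFI_STATE",
    "ACCESS_NETWORK_STATE", "WRITE_EXTERNAL_STORAGE", "CAMERA")}
PERM_THRESHOLD = 15  # the article reports "more than 15 permissions"
# Assumptions: labels that pose as a system component, and trusted package prefixes.
SYSTEM_LIKE = re.compile(r"process manager|settings|system", re.I)
TRUSTED_PREFIXES = ("com.android.", "com.google.android.")

def parse_badging(text):
    """Pull package name, label and permissions out of `aapt dump badging` text."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    # Older aapt prints uses-permission:'X', newer prints uses-permission: name='X'.
    perms = re.findall(r"^uses-permission:(?: name=)?'([^']+)'", text, re.M)
    return {"package": pkg.group(1) if pkg else "",
            "label": label.group(1) if label else "",
            "permissions": set(perms)}

def triage(text):
    """Return (package, reasons); an empty reasons list means nothing matched."""
    app = parse_badging(text)
    reasons = []
    if len(app["permissions"]) > PERM_THRESHOLD:
        reasons.append("requests %d permissions" % len(app["permissions"]))
    if ARTICLE_PERMS <= app["permissions"]:
        reasons.append("requests every permission named in the article")
    if SYSTEM_LIKE.search(app["label"]) and not app["package"].startswith(TRUSTED_PREFIXES):
        reasons.append("system-like label %r on a non-system package" % app["label"])
    return app["package"], reasons

# Constructed samples (not the real sample's manifest); package names are placeholders.
_EXTRA = ("READ_SMS", "READ_CONTACTS", "READ_CALL_LOG", "RECORD_AUDIO",
          "READ_PHONE_STATE", "INTERNET", "RECEIVE_BOOT_COMPLETED",
          "FOREGROUND_SERVICE", "READ_EXTERNAL_STORAGE", "SEND_SMS", "WAKE_LOCK")
SUSPECT = "\n".join(
    ["package: name='com.example.procmgr' versionCode='1'",
     "application-label:'Process Manager'"]
    + ["uses-permission: name='%s'" % p for p in sorted(ARTICLE_PERMS)]
    + ["uses-permission: name='android.permission.%s'" % p for p in _EXTRA])
BENIGN = "\n".join(["package: name='com.example.notes' versionCode='3'",
                    "application-label:'Notes'",
                    "uses-permission: name='android.permission.INTERNET'"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

A match is a reason to look closer, not a verdict: many legitimate apps request long permission lists, and package prefixes can be spoofed.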

 

The Android spyware will hide upon acquiring what it wants.

 

If the spyware receives all the desired permissions from the device owner, it deletes its icon and operates only in the background. The user is then unlikely to notice the spyware, since it works only behind the scenes, but its presence still shows in notifications.

The researchers also discovered that the spyware could download additional payloads to the infected device. In one particular instance, an application called Roz Dhan: Earn Wallet was downloaded by a user directly from the Google Play Store.

The compromised application looks very attractive to many users, since it features a money-generating referral system and has more than 10 million downloads. The strange thing about the APK, however, is that the spyware downloads it through the application's referral system to earn a commission, which is not characteristic of a threat actor focused on cyberespionage.

As of now, an unaware user can pick up malicious apps through almost any platform. Experts advise users to refrain from downloading third-party apps and to double-check sketchy apps offered in official app stores.
