📱 2022-04-05 18:42:24 – Paris/France.
A new Android spyware has surfaced that disguises itself as a system component and can access a variety of functions on the smartphone, including the microphone and camera, to secretly record the user.
Lab52 researchers discovered a malicious APK named “Process Manager” that can upload information gleaned from the devices it is installed on to a third party. It is still unclear how the spyware is distributed, but once installed it tries to hide itself by using a gear icon and pretending to be a legitimate component of the Android system, BleepingComputer reports.
Gear icon. | Lab52
Once the app is running, a warning appears asking the user to grant it permissions, which cover screen unlock attempts, locking the screen, setting the global proxy, setting screen lock password expiration, setting storage encryption, and disabling cameras. Lab52 found that it requests a large number of permissions, including:
- GPS data including phone location
- The state of the network
- Wifi information
- Full access to the camera for capturing photos and videos
- Audio changes
- Access to call logs
- Access to the contact list
- The ability to read external storage
- The ability to write to a memory card
- SMS access on the SIM card
- Access the audio recorder
- Authorization to send SMS
- Permission to prevent a device from locking up or hibernating
Once the app is selected and executed, its icon disappears and the malicious application continues to run in the background. Curiously, it appears as active in the notification bar. Obviously, this long list of permissions would be a massive violation of user privacy, but the existence of the permanent notification is confusing, because spyware like this would benefit from being completely hidden from the user's view.
Notification | Lab52
In any case, information collected from infected devices is sent in JSON format to a command and control server with an IP address in Russia. BleepingComputer says the way this spyware works is similar to the methods used by the Russian state-backed hacking group Turla, but refrained from making a definitive link in this case. If Turla is involved, the app could be spread through a variety of social engineering or phishing techniques.
Lab52 found a link to a Google Play Store listing called "Roz Dhan: Earn Wallet cash", which uses a referral system to earn money. The attacker appears to install that app on the target device to make a profit.
Android users are encouraged to review the app permissions they have granted and search for the "Process Manager" app and revoke access if it appears.
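One way to automate that permission review across a whole device, as an added example that is not from Lab52 or the original article: it flags non-system packages that request several of the permissions listed above. The mapping from the article's wording to Android permission constants, the `dumpsys package` text layout, the package name `com.example.procmgr` and the threshold are all assumptions.

```python
import re

# Assumed mapping of the article's permission list to Android permission constants.
WATCHED = {"android.permission." + p for p in (
    "ACCESS_FINE_LOCATION ACCESS_NETWORK_STATE ACCESS_WIFI_STATE CAMERA "
    "MODIFY_AUDIO_SETTINGS READ_CALL_LOG READ_CONTACTS READ_EXTERNAL_STORAGE "
    "WRITE_EXTERNAL_STORAGE READ_SMS RECORD_AUDIO SEND_SMS WAKE_LOCK").split()}

def parse_packages(dump):
    """Map package name -> system flag, requested and granted permissions."""
    pkgs, cur, section = {}, None, None
    for line in map(str.strip, dump.splitlines()):
        m = re.match(r"Package \[([\w.]+)\]", line)
        if m:
            cur = pkgs[m.group(1)] = {"system": False, "requested": set(), "granted": set()}
            section = None
        elif cur is None:
            continue
        elif re.match(r"(pkgFlags|flags)=\[", line):
            cur["system"] |= "SYSTEM" in line.split()
        elif line.endswith("permissions:"):
            section = line
        elif line.startswith("android.permission.") and section:
            name, _, state = line.partition(":")
            if section.startswith("requested"):
                cur["requested"].add(name)
            elif "granted=true" in state:
                cur["granted"].add(name)
    return pkgs

def audit(dump, threshold=3):
    """Non-system packages requesting >= threshold watched permissions."""
    rows = [(n, len(i["requested"] & WATCHED), sorted(i["granted"] & WATCHED))
            for n, i in parse_packages(dump).items() if not i["system"]]
    return sorted((r for r in rows if r[1] >= threshold), key=lambda r: -r[1])

# Constructed sample in the assumed `dumpsys package` layout, not real device output.
SAMPLE = """\
  Package [com.example.procmgr] (0a1b):
    flags=[ HAS_CODE ]
    requested permissions:
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
      android.permission.READ_SMS
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.READ_SMS: granted=false
"""
```

To run it against a real device, save the output of `adb shell dumpsys package` to a file and pass its contents to `audit()`; each result gives the package name, the number of watched permissions it requests, and the ones currently granted.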
SOURCE: Reviews News