Android Malware Discovered with Russian Attackers, Capable of Recording Audio and Tracking Your Location


A new Android spyware that records audio and tracks location has been discovered and documented by a team of security experts. The malware uses the same shared-hosting infrastructure that was previously found to be utilised by Turla, a group of Russian hackers.

However, it is unclear if the Russian state-backed outfit is linked to the newly found spyware. The spyware arrives as a malicious APK file and carries out its tasks in the background without giving users any visible indication.

The Android malware, known as Process Manager, was found by researchers at threat intelligence firm Lab52. Once installed, it appears as a gear-shaped icon in the device's app drawer, masquerading as a preloaded system service.

When the app is launched for the first time on the device, the researchers discovered that it requests a total of 18 permissions. These include access to the phone's location and Wi-Fi information, the ability to take photos and record video with the built-in camera, and the ability to record audio with the voice recorder.

It is unclear whether the app obtains these permissions by exploiting the Android Accessibility service or by duping users into granting them.

The malicious app's icon is removed from the app drawer after the first time it is run. The app nevertheless continues to run in the background, with its active state visible in the notification bar.

The researchers discovered that the software configures the device based on the permissions it obtains and then begins executing a list of tasks. These include collecting information about the phone on which it is installed, capturing audio, and gathering data such as Wi-Fi settings and contacts.

In the case of audio recording, the researchers noticed that the software captures audio from the device and saves it in MP3 format in the cache directory.

The malware gathers all of the data and transfers it in JSON format to a server in Russia.

Although the specific source of the infection is unknown, the researchers discovered that its authors manipulated the referral system of an app called Roz Dhan: Earn Wallet Cash, which is accessible for download on Google Play and has over 10 million downloads.

The malware is reported to download the legitimate app, which lets the attackers install it on the device and profit from its referral system.

This appears quite unusual, because the attackers seem to be focused on cyber espionage. According to Bleeping Computer, the unusual behaviour of installing an app in order to earn commissions through its referral system suggests that the malware might be part of a broader system that has yet to be found.

In any case, Android users should avoid installing unfamiliar or questionable apps on their smartphones. Users should also review the permissions they have granted to apps in order to limit third-party access to their hardware.
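One way to carry out the permission review suggested above across a whole device, as an added example that is not from the article or from Lab52: the Python below parses `adb shell dumpsys package` output and flags apps that hold several of the capabilities the article describes at once. The mapping from those capabilities to Android permission names is an assumption, and the package names and sample output are constructed and simplified.

```python
import re

# Assumed mapping: capabilities named in the article -> android.permission.* names.
CAPABILITIES = {
    "audio": {"RECORD_AUDIO"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "camera": {"CAMERA"},
    "contacts": {"READ_CONTACTS"},
    "wifi": {"ACCESS_WIFI_STATE"},
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.([A-Z_]+): granted=(true|false)")

def granted_permissions(dumpsys_text):
    """Map package name -> set of permission names marked granted=true."""
    granted, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = granted.setdefault(pkg.group(1), set())
        elif perm and current is not None and perm.group(2) == "true":
            current.add(perm.group(1))
    return granted

def flag_surveillance_capable(dumpsys_text, min_capabilities=3):
    """Return {package: sorted capabilities} for apps holding >= min_capabilities."""
    flagged = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        caps = sorted(c for c, names in CAPABILITIES.items() if perms & names)
        if len(caps) >= min_capabilities:
            flagged[pkg] = caps
    return flagged

# Constructed sample, simplified from `adb shell dumpsys package` output.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
Package [com.example.sysmanager] (4d5e6f):
    install permissions:
      android.permission.ACCESS_WIFI_STATE: granted=true
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
"""

print(flag_surveillance_capable(SAMPLE))
```

A flagged package is only a candidate for manual review, since legitimate apps such as messengers can hold the same combination of permissions.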

News by: NewsPen Added on: 04-Apr-2022
