Check your permissions as soon as possible
Russian hackers have been linked to several high-profile cyberattacks, including interference in the 2016 US presidential campaign. The Kremlin's motives for these attacks are not always clear, but they are generally designed to sow chaos and create suspicion, and along the way they also fill the pockets of the hackers or their sponsors. Russian state-backed hackers are not interested only in targets in the US or Ukraine. The Turla group, state-sponsored Russian hackers first identified in 2020, has used a particularly sneaky piece of Android malware buried in what appears to be an innocent app.
Via Bleeping Computer, we learn that cybersecurity researchers from Lab52 have discovered spyware masquerading as a helpful Android tool called Process Manager. The malware is designed to look like a harmless APK, but once installed it starts collecting sensitive information and sending it back to the attackers. After you install it, the app asks for 18 permissions, including access to messaging, location and audio recording. Researchers aren't sure how the malware grants itself those permissions, but malicious code often does so by abusing the Android accessibility service.
Once the malware has what it needs, it pulls another sneaky move: it removes its icon and silently runs in the background. This disappearing act relies on a lack of user awareness, an "out of sight, out of mind" approach to owning your device. There is one giveaway, however: a persistent notification that reads "Process Manager is running." There are several unknowns about this malware, but researchers say it is unusual in that the app also downloads several additional malicious payloads, including a money-making Play Store app called "Roz Dhan: Earn Wallet cash" that appears legitimate.
Bleeping Computer speculates, based on its command-and-control server infrastructure, that the malicious APK is part of a larger operation, and advises anyone with an Android device to check which permissions they have granted their apps and to revoke any that could put them at risk.
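As an added, defender-side illustration of the permission audit recommended above (example code, not from Lab52 or Bleeping Computer), the following Python parses the output of `adb shell dumpsys package <pkg>` and `adb shell settings get secure enabled_accessibility_services` for one app and flags granted permissions in the messaging, location and audio families the article mentions, plus whether the app has an accessibility service enabled. The package name, the dumpsys excerpt and the settings string are constructed samples, and the permission groupings are this example's own, not an Android API.

```python
import re

# Permission families named in the article; grouping is ours, not Android's.
SENSITIVE = {
    "messaging": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                  "android.permission.RECEIVE_SMS", "android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "audio": {"android.permission.RECORD_AUDIO"},
}

# Matches the "<permission>: granted=true|false" lines that dumpsys prints in both
# its "install permissions" and "runtime permissions" sections.
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)", re.MULTILINE)

def granted_permissions(dumpsys_text: str) -> set:
    """All permissions the dump marks as granted, regardless of section."""
    return {name for name, state in PERM_RE.findall(dumpsys_text) if state == "true"}

def sensitive_grants(dumpsys_text: str) -> dict:
    """Granted permissions bucketed into the sensitive families, empty buckets dropped."""
    granted = granted_permissions(dumpsys_text)
    return {fam: sorted(granted & perms) for fam, perms in SENSITIVE.items() if granted & perms}

def accessibility_enabled_for(pkg: str, settings_value: str) -> bool:
    """True if any entry in the colon-separated enabled_accessibility_services
    value ("pkg/ServiceClass:pkg/ServiceClass") belongs to pkg."""
    entries = [e for e in settings_value.strip().split(":") if e]
    return any(e.split("/", 1)[0] == pkg for e in entries)

# Constructed sample: package name and values are illustrative only.
SAMPLE_PKG = "com.example.processmanager"
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.processmanager] (a1b2c3):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET]
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
"""
SAMPLE_SETTINGS = ("com.example.processmanager/com.example.processmanager.WatchService:"
                   "com.google.android.marvin.talkback/.TalkBackService")

if __name__ == "__main__":
    print("sensitive grants:", sensitive_grants(SAMPLE_DUMPSYS))
    print("accessibility service enabled:",
          accessibility_enabled_for(SAMPLE_PKG, SAMPLE_SETTINGS))
```

A granted permission is not proof of abuse; the output is a triage list of what to review in Settings, with RECORD_AUDIO correctly absent here because the sample shows it denied.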