Check your permissions as soon as possible
Russian hackers have been linked to several high-profile cyberattacks, including interfering in the 2016 U.S. presidential campaign. chaos, creating mistrust and coincidently line the pockets of hackers – or their sponsors – as well. Russian state-backed hackers aren’t just interested in targets in the United States or Ukraine. The Turla group – Russian state-sponsored hackers first identified in 2020 – used particularly devious Android malware buried in a seemingly innocent app.
Thanks to Bleeping Computer, we learn that cybersecurity researchers at Lab52 have discovered spyware posing as a useful Android tool called “Process Manager”. The malware is designed to look like a harmless APK, but once installed, it starts to collect sensitive information and send it back to attackers. Once you download it, the app asks for 18 permissions, including access to messaging, location, and audio recording features. Researchers aren’t sure exactly how the malware authorizes itself, but malicious code often does so by taking advantage of Android’s Accessibility Service.
Once the malware has what it needs, it makes another sneaky move and deletes its icon before running silently in the background. In pulling this vanishing act, it relies on a lack of user attention – a kind of “out of sight, out of mind” approach to owning your device. But on the one hand it’s a permanent notification that says “The process manager is running”. There are several unknowns regarding this malware attack, but it is unique, researchers say, as the app also downloads several additional malicious payloads, including a lucrative Play Store app named “Roz Dhan: Earn Wallet cash” which appears legitimate. .
Bleeping Computer assumes that the malicious APK, based on its command-and-control server infrastructure, is part of a larger system, and advises anyone with an Android device to double-check the app permissions they have. granted to its applications, revoking those that could endanger them.
Google Chrome 101 is live in beta, here’s how to get it (APK download)
About the Author