Lab52 cybersecurity researchers have discovered a new malicious Android malware called “Process Manager”. It can record your audio, track locations, send or read texts, and even access your storage to use the camera or view images.
To make matters worse, the Process Manager malware uses a gear-shaped icon, so that it looks like a system settings app, which allows it to easily hide on a user’s device. This Android malware also does not hide, as you will see a persistent notification that “Process Manager” is running. Everything will look official, but that’s definitely not good.
Researchers haven’t figured out how it’s distributed, but once a victim installs it, the app quickly requests access to the device’s creepy and dangerous permissions. Some of them include device location data, Wi-Fi status, cameras, audio, microphone, read and write storage access, and can even read or send text messages. The app icon disappears once it has access to these device privileges, but you will still see the running process in the drop-down notification bar.
It all sounds scary, and it is, but surprisingly, the app doesn’t seem to do anything too malicious for the end user. Once installed, researchers found that it downloads a lucrative app from the Google Play Store using a referral code. The app is called “Roz Dhan: Earn Money with Wallet”. The scam works because it has over 10 million downloads. The creators of this Android malware earn money for each download.
Anyone using a device on Android 10 or above can access the permissions on their device and revoke access to specific permissions or search for suspicious apps such as this. Unfortunately, it’s not yet clear what else this malware does behind the scenes or how users get it, but that’s another thing to keep in mind.