A newly discovered piece of malware infects Android smartphones and steals just about every imaginable kind of data from them. The trail leads to Russia.
Beware of new Android malware: Supposed “Process Manager” steals data
A newly discovered Android malware steals data from Android smartphones and transfers it to hackers’ servers, the US IT news site BleepingComputer reports, citing findings by the security company Lab52. The Android app disguises itself as a “Process Manager”. It is currently still unknown how the malware, which is available as an APK file, is distributed. The recipients are probably tricked into installing the app through social engineering.
Malware wants full control over the Android device
Once started, the malicious program on the Android device pretends to be a system tool and uses a gear symbol as its icon. The app requests a wide range of permissions from the user, including access to Wi-Fi, location, camera, Internet use, contacts, write access to storage, reading and sending SMS, and much more. It is currently unknown whether the malware obtains all these permissions by exploiting a technical vulnerability or whether it prompts the user to approve them when it is launched.
As soon as it has obtained these permissions, it runs in the background and makes its icon disappear. The malware can then, for example, transmit the location of the smartphone to the hackers and write and send text messages. In addition, it has full access to storage and can take photos and create audio recordings. The stolen data is sent in JSON format to a command and control server in Russia. The malware also downloads other programs onto the Android devices.
This Android malware operates on the same infrastructure that the Russian hacker group Turla uses. However, it is not possible to say whether the malware itself also originated from Turla, and that even seems rather unlikely. The Russian Turla hackers have attacked systems in Europe and the US in the past, primarily for espionage purposes. Turla is said to be close to the Russian state.
How to protect yourself
You should only ever install apps from Google Play, although malware occasionally appears there too (see “Caution: This Android app steals your data – over 100,000 downloads”). In addition, you should always check the permissions an app requests before installing it, and check whether those requests are plausible.
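
The plausibility check described above can also be run on an APK file before it is installed. The following is an added example, not code from the article or from Lab52: it reads the text printed by `aapt dump permissions` (Android SDK build-tools) and reports which of the capability groups named in the article the app asks for beyond what its stated purpose needs. The grouping of permissions, the sample output and the package name are assumptions made for this example.

```python
import re

# Capability groups from the article mapped to real Android permission names.
# The grouping is this example's own choice, not taken from the Lab52 report.
CAPABILITIES = {
    "wifi": {"ACCESS_WIFI_STATE", "CHANGE_WIFI_STATE"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
    "internet": {"INTERNET"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "sms": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
}
# Matches both aapt styles: name='android.permission.X' and bare android.permission.X
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)")
PREFIX = "android.permission."

def requested_permissions(aapt_output):
    """Return the short names of all platform permissions an APK declares."""
    perms = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1).startswith(PREFIX):
            perms.add(m.group(1)[len(PREFIX):])
    return perms

def implausible_capabilities(aapt_output, expected):
    """Map each capability outside `expected` to the permissions that grant it."""
    perms = requested_permissions(aapt_output)
    return {cap: sorted(perms & members)
            for cap, members in CAPABILITIES.items()
            if perms & members and cap not in expected}

# Constructed sample output; the package name is a placeholder.
SAMPLE = """\
package: com.example.processmanager
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.FOREGROUND_SERVICE
"""

if __name__ == "__main__":
    # Assumption: a process viewer has no stated need for any of these groups.
    for cap, perms in implausible_capabilities(SAMPLE, expected=set()).items():
        print(f"{cap}: {', '.join(perms)}")
```

Every group it prints is a question to answer before installing: a tool that only lists running processes has no obvious reason to read SMS or record audio.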