New Spyware Actively Targets Android Users


A previously unknown Android malware designed to collect data from users has been discovered. Its infrastructure is identical to that of the Russian Turla organisation, although it is not responsible for the campaign.

 

Malware for Android

Process Manager is a malicious APK that serves as Android spyware, according to Lab52 researchers.

The spyware takes data such as logs, SMS, recordings, and event alerts, which it sends to the C2 server at 82[.]146[.]35[.]240 in JSON format.

Following installation, the malicious programme tries to disguise itself with a gear-shaped icon, posing as a system component.

When it first launches, the software requests about 18 permissions, including access to coarse location, fine location, network status, WiFi state, camera, and write external storage.

Once the spyware has been granted all of the necessary rights, its icon is deleted and it operates in the background, with no visible sign of its presence other than a notification.
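The two indicators described above (the requested permissions and the C2 address) can be turned into a quick triage check. This is an added example, not code from Lab52 or the article's author; the mapping of the article's wording to Android permission constants, the package names, the simplified `dumpsys package`-style text and the key=value log format are all assumptions constructed for illustration.

```python
import re
# Permissions the article names; mapping its wording to Android constants is an assumption.
NAMED = {"android.permission." + p for p in (
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE",
    "ACCESS_WIFI_STATE", "CAMERA", "WRITE_EXTERNAL_STORAGE")}
C2_DEFANGED = "82[.]146[.]35[.]240"  # as published in the article
# Constructed samples: simplified dumpsys-style text and hypothetical firewall log lines.
SAMPLE_DUMP = """\
Package [com.example.flashlight] (1a2b):
  requested permissions:
    android.permission.CAMERA
Package [com.example.procmgr] (3c4d):
  requested permissions:
    android.permission.ACCESS_COARSE_LOCATION
    android.permission.ACCESS_FINE_LOCATION
    android.permission.ACCESS_NETWORK_STATE
    android.permission.ACCESS_WIFI_STATE
    android.permission.CAMERA
    android.permission.WRITE_EXTERNAL_STORAGE
  install permissions:
    android.permission.ACCESS_NETWORK_STATE: granted=true
"""
SAMPLE_LOG = ["src=10.0.0.7 dst=82.146.35.240:443 proto=tcp",
              "src=10.0.0.7 dst=82.146.35.24:443 proto=tcp"]

def requested_permissions(dump):
    """Map package name -> permissions listed under 'requested permissions:'."""
    packages, current, in_requested = {}, None, False
    for line in (l.strip() for l in dump.splitlines()):
        header = re.match(r"Package \[([\w.]+)\]", line)
        if header:
            current, in_requested = header.group(1), False
            packages[current] = set()
        elif line.endswith(":"):  # any section header; only one opens the list
            in_requested = line == "requested permissions:"
        elif in_requested and current and line.startswith("android.permission."):
            packages[current].add(line)
    return packages

def packages_matching_article(dump):
    """Packages that request every permission the article names."""
    return sorted(p for p, perms in requested_permissions(dump).items() if NAMED <= perms)

def c2_connections(log_lines):
    """Lines whose dst field is exactly the refanged C2 address (any port)."""
    c2 = re.escape(C2_DEFANGED.replace("[.]", "."))
    return [l for l in log_lines if re.search(r"\bdst=" + c2 + r"(?![\d.])", l)]

if __name__ == "__main__":
    print(packages_matching_article(SAMPLE_DUMP), c2_connections(SAMPLE_LOG))
```

Many legitimate apps request this same permission set, so a permission match is only a lead for manual review; a connection to the published C2 address is the stronger signal.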

 

Increased payloads

While studying the malware, the research team noticed that it loads new payloads onto the device.

In one scenario, a programme called Roz Dhan: The Play Store is used to obtain Earn Wallet currency.

This software has a money-making referral system and has already had over 10,000,000 downloads.

The spyware downloads the APK to earn a fee through the app’s referral system, which is odd considering that the connected threat actor is known for focusing on cyberespionage.

 

Conclusion

Malicious software is a growing business, and ignoring security warnings might cost you a lot of money. Most importantly, never download an app from a third-party source.

By IEMA IEMLabs
