Android: a dangerous Russian malware listens to your conversations!
Cybercrime and Russian hackers are a duo that works very well and has done a lot of damage in recent years, if only during the 2016 US presidential campaign or with the appearance of the Facestealer virus. Backed by the Russian government, groups are attacking websites, spreading misinformation and launching spyware to get your hands on confidential information. Their links to the Kremlin have long been known and it is no wonder that new malware was discovered a few days ago as its army’s offensive on Ukraine has now lasted 40 days.
We hear you 5 out of 5!
Cybersecurity experts from Lab52 have indeed discovered a new and very effective malware that attacks your Android devices.
Check out our new post! Complete dissection of an APK with a suspicious C2 Server https://t.co/QRaba3QbXu
— LAB52 (@LAB52io) April 1, 2022
It hides in an innocuous application called “Process Manager” which seems to want to help you speed up your smartphone and better manage options. However, once downloaded, the latter asks you rather strangely 18 permissionswhose access:
- to your email,
- reading and sending SMS
- to the location coordinates,
- your contact information,
- to the memory of your smartphone,
- listening to your calls,
- the status of your telephone and its identification,
- to audio recording,
- in photography and video shooting.
You can see that, in this non-exhaustive list, some points can do great damage in wartime: including audio recording. If the malware manages to make its way to the smartphone of someone who has confidential information, it will access to crucial data for the continuation of the conflict. Especially since this Trojan Horse (or rather from Moscow) knows how to be discreet.
Well hidden…
This malware will indeed do everything not to be noticed. So, once warm on your phone, he casually deletes his icon and you may even completely forget its existence. Where the virus is strong is that it also allows downloading other malicious files and even allows itself to install Roz Dhan without asking you anything. This Indian application with more than 10 million downloads allows you to earn money by doing various daily tasks: 60 cents to connect, 30 cents to complete a survey or invite a friend… Without you being aware of it, this money goes then head straight into the pirates’ pockets. Imagine the sums on thousands of devices!
All data collected by this malware is sent to Russian serverswhich initially made Lab52 think that it could be the work of Turla, a group of hackers from the same country and strongly supported by the government. However, after a closer study of the software, it would seem that this is not the case. The strangest thing is that the “Process Manager” application that serves as its cover does not seem to be available in APK stores. Its distribution thus includes a real veil of mystery, even if it remains no less real.
Read also: HermeticWiper: Russian malware attacks Ukraine and France
It is therefore a great vagueness that surrounds this virus while we do not yet fully understand its mode of operation, nor where it comes from. However, its presence in a smartphone can cause great harm to its user and have serious consequences as to the use that will be made of the information it will allow to recover. We therefore invite you now to check that you are not on the list of potential victims. It would still be a shame to start the week by finding your bank account looted or the target of blackmail.
