The cybersecurity researchers have discovered a piece of spyware hiding as a helpful Android tool called “Process Manager”. The malware is designed to look like a harmless APK, but it begins collecting sensitive information and sending it back to the attackers.
The app asks for 18 permissions, including access to messaging, location, and audio recording functions. These permissions are a serious risk to privacy as it allows the app to get a device's location, send and read texts, access storage, take pictures with the camera, and record audio.
It is said that the state-sponsored Russian hackers the Turla group has been using this particularly sneaky Android malware buried inside a seemingly innocent app. Turla is known for using custom malware to target European and American systems, primarily for espionage.
After receiving the permissions, the spyware removes its icon and runs in the background with only a permanent notification indicating its presence. The information collected by the device includes lists, logs, SMS, recordings, and event notifications, which is then sent in JSON format to the command-and-control server located in Russia.
Once installed, Process Manager attempts to hide on an Android device using a gear-shaped icon, pretending to be a system component. Users of Android devices are advised to review the app permissions they have granted and revoke those that appear overly risky.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
