Russian malware is currently targeting Android smartphone users. It is dangerous malware that can read text messages, listen in on calls or record conversations using the smartphone’s microphone.
This is how Russian malware works
The malware comes from the Turla group, a Russian state-backed group of hackers known for using modified malware to attack European and American systems, mainly for espionage purposes. The hackers have hidden the malware in a seemingly harmless app, according to the cybersecurity researchers at Lab52, who published their findings on their blog.
The malware spreads through an installation file (APK) called ‘Process Manager’. Once this file is installed on the smartphone, the malware asks the victim to consent to a whole range of Android permissions. It requests the following 18 permissions:
- Access coarse location
- Access fine location
- Access network state
- Access WiFi state
- Camera
- Foreground service
- Internet
- Modify audio settings
- Read call log
- Read contacts
- Read external storage
- Write external storage
- Read phone state
- Read SMS
- Receive boot completed
- Record audio
- Send SMS
- Wake lock
Then a remote server in Russia receives all the information from the smartphone. To prevent the victim from deleting the app, the malware makes the Process Manager icon disappear from the home screen. Many spyware apps are known to do this, so that phone owners forget about the app. At the same time, the malware secretly installs an app called Rozdhan from the Play Store. This app is used to earn money and contains a referral system that the malware exploits. The profits made are passed on to the criminals.
Be careful
Presumably, the infected APK is part of a larger system. It is therefore better not to install installation files on your smartphone if you are not sure whether they have been scanned for viruses. Of course, checking the permissions that an app asks for is recommended at all times. Exodus Privacy is an app that shows you which permissions and trackers the apps on your phone use. You can read more about this app here. In addition, Google has built a privacy function into Android 12 that uses privacy indicators on the screen to show when the camera or microphone is active on your phone. Google has also placed switches in the quick settings of Android 12 to ensure that the camera and microphone don’t work if you don’t want them to. More about both privacy functions can be found here. Is your phone not running on Android 12? Then this is a great alternative.
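As an added example (not code from Lab52 or from the original article), this Python sketch checks a decoded AndroidManifest.xml against the 18 permissions listed earlier. The grouping of the permissions, the capture-plus-send-plus-persist flagging rule, the package name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# The article's 18 permissions written as Android manifest constants.
# The grouping by capability is this example's own, not the researchers'.
REPORTED = {
    "location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"},
    "audio/camera": {"CAMERA", "RECORD_AUDIO", "MODIFY_AUDIO_SETTINGS"},
    "messages/calls": {"READ_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_CONTACTS", "READ_PHONE_STATE"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "network": {"INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_WIFI_STATE"},
    "persistence": {"FOREGROUND_SERVICE", "RECEIVE_BOOT_COMPLETED", "WAKE_LOCK"},
}

def requested_permissions(manifest_xml: str) -> set:
    """Return the short names of android.permission.* entries a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names

def audit(manifest_xml: str) -> dict:
    """Match a manifest against the reported set; flag capture + network + persistence together."""
    asked = requested_permissions(manifest_xml)
    hits = {group: sorted(asked & perms) for group, perms in REPORTED.items()}
    capture = bool(hits["audio/camera"] or hits["messages/calls"])
    exfil = "INTERNET" in asked
    persist = bool(hits["persistence"])
    return {"matched": sum(len(v) for v in hits.values()), "by_group": hits, "flag": capture and exfil and persist}

def make_manifest(perms):
    """Build a constructed manifest (hypothetical package name) for the demonstration."""
    tags = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{tags}</manifest>')

ALL_REPORTED = sorted(set().union(*REPORTED.values()))
SUSPECT = make_manifest(ALL_REPORTED)               # constructed: requests all 18
FLASHLIGHT = make_manifest(["CAMERA", "INTERNET"])  # constructed: small permission set

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("flashlight", FLASHLIGHT)):
        print(label, audit(doc))
```

The manifest inside an APK is stored in a binary XML format, so decode it to text first (for example with apktool) before passing it to `audit`.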
– Thanks for information from Androidworld.