
New spyware with ambient eavesdropping discovered on smartphones

New spyware has been discovered lurking on Android smartphones. Its distribution mechanism is still unclear, and it may have connections to a major group of Russian hackers. Here is how to protect yourself.

After the discovery of a virus that is particularly fond of users’ social credentials, and of an outright assault on cryptocurrency investors, mobile cybersecurity is once again facing an emergency: a new piece of malware, again nameless but (probably) Russian, capable of full-blown stalker-style espionage.

In recent days, the Spanish security firm Lab52 discovered an Android app, distributed as an APK, called “Process Manager”. How it spreads is not known. Once installed on the user’s device, it reportedly tends to hide its gear icon, which is designed to look like a system app dedicated to settings. At that point, either by using the accessibility service to grant them to itself, or by inducing the user to do so, it reportedly acquires some 18 permissions.

With these permissions, it could learn the location of the device and the status of the Wi-Fi network it connects to, read SMS messages, read and write to the device’s external storage, use the camera to take photos or record videos, record phone calls, activate the microphone for ambient eavesdropping, send SMS messages, access foreground services, and so on.

The data is reportedly sent, in JSON format, to a remote command-and-control server that was also used in the past by the Russian hackers of Turla, who are subsidized by the Kremlin to attack institutions in America and Europe. However, some strange aspects seem to argue against this attribution. Once installed and hidden, the Process Manager app tends to show a persistent notification at the top of the screen indicating that it is running in the background, which is strange for a spying operation of the Advanced Persistent Threat kind.

Furthermore, the app in question reportedly also installs other payloads (perhaps to deflect suspicion), such as the popular (about 10,000 downloads) “Roz Dhan: Earn Wallet cash”, which promises easy earnings through a Ponzi-style affiliate mechanism. It appears to be installed using Process Manager’s referral code, as if the hackers intended to earn from its spread.

For now, security experts advise users to stay alert, checking the permissions section and revoking permissions granted to apps that are not trusted, little known, or no longer needed (bearing in mind that, during installation, it is always worth asking whether it makes sense for a given app to obtain a particular permission). It is also a good idea to pay attention to the camera and microphone in-use indicators introduced in recent versions of Android: if they are visible and you have no app in the foreground that uses the camera or microphone, that could be a clear sign that the aforementioned spyware is present on your phone.
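
The permission review described above can be partly automated. The following is an added example, not code from the article or from Lab52: it parses a constructed sample shaped like `adb shell dumpsys package` output and flags apps holding several of the sensitive runtime permissions the article lists. The package names, the mapping of the article's capabilities to Android permission names, and the threshold of four are assumptions.

```python
import re

# Runtime ("dangerous") Android permissions matching capabilities the article
# lists: location, SMS read/send, external storage, camera, microphone.
SENSITIVE = {
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_SMS", "SEND_SMS",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "CAMERA", "RECORD_AUDIO",
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)")

# Constructed sample shaped like `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.settingshelper] (a1b2c3):
    install permissions:
      android.permission.FOREGROUND_SERVICE: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=false, flags=[ USER_SET ]
  Package [com.example.flashlight] (d4e5f6):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
"""

def granted_permissions(dumpsys_text):
    """Return {package: set of permission names with granted=true}."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            result.setdefault(current, set())
            continue
        perm = PERM_RE.match(line)
        if perm and current and perm.group(2) == "true":
            result[current].add(perm.group(1))
    return result

def flag_packages(dumpsys_text, threshold=4, trusted=()):
    """Packages outside `trusted` holding >= threshold sensitive grants."""
    flagged = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        hits = perms & SENSITIVE
        if pkg not in trusted and len(hits) >= threshold:
            flagged[pkg] = sorted(hits)
    return flagged
```

A flagged package is a candidate for manual review in the permissions settings, not proof of infection; legitimate messaging or camera apps can exceed the threshold and belong in `trusted`.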
