Security News > 2022 > April > Russian-linked Android malware records audio, tracks your location
A previously unknown Android malware has been linked to the Turla hacking group after discovering the app used infrastructure previously attributed to the threat actors.
Researchers from Lab52 identified a malicious APK [VirusTotal] named "Process Manager" that acts as Android spyware, uploading information to the threat actors.
It is unclear if the malware abuses the Android Accessibility service to grant itself permissions or if it's tricking the user into approving a request.
Users of Android devices are advised to review the app permissions they have granted, which should be fairly easy on versions from Android 10 and later, and revoke those that appear overly risky.
Starting from Android 12, the OS pushes indications when the camera or microphone is active, so if these appear orphaned, spyware is hiding in your device.
These tools are particularly dangerous when nesting inside IoTs that run older Android versions, generating money for their remote operators for prolonged periods without anyone realizing the compromise.
News URL
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)
- Uncle Sam outs a Russian accused of developing Redline infostealing malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Cyber crooks push Android malware via letter (source)