Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers
An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored on infected devices.
"When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said.
"These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras."
Once the app is "Activated," the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device's contacts and call logs, track its location, send and read messages, access external storage, snap pictures, and record audio.
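A static triage check for the permission profile described above, as an added example that is not part of the original article or Lab52's report: it reads a decoded `AndroidManifest.xml` and device-admin policy file and flags an app that pairs the quoted admin policies with the listed data-access permissions. The mapping from the warning text to Android policy tags, the thresholds, the function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Device-admin policy tags behind the warning text quoted above.
ADMIN_POLICIES = {"watch-login", "force-lock", "set-global-proxy",
                  "expire-password", "encrypted-storage", "disable-camera"}
# Manifest permissions behind the collection behaviour described above.
SENSITIVE_PERMS = {"READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION",
                   "ACCESS_COARSE_LOCATION", "SEND_SMS", "READ_SMS",
                   "READ_EXTERNAL_STORAGE", "CAMERA", "RECORD_AUDIO"}

def triage(manifest_xml, admin_xml=None, min_policies=4, min_perms=5):
    """Return (flagged, policies, permissions) for one decoded APK.

    The thresholds are assumed triage values, not figures from the report.
    """
    names = (el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for el in ET.fromstring(manifest_xml).iter("uses-permission"))
    perms = sorted(set(names) & SENSITIVE_PERMS)
    policies = []
    if admin_xml:  # apps without a device-admin receiver ship no policy file
        tags = {el.tag for el in ET.fromstring(admin_xml).iter()}
        policies = sorted(tags & ADMIN_POLICIES)
    flagged = len(policies) >= min_policies and len(perms) >= min_perms
    return flagged, policies, perms

def _manifest(perms):
    # Build a constructed manifest carrying the given permission names.
    rows = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{rows}</manifest>')

def _admin(policies):
    # Build a constructed device-admin policy file with the given tags.
    body = "".join(f"<{p}/>" for p in policies)
    return f"<device-admin><uses-policies>{body}</uses-policies></device-admin>"

# Constructed samples: one shaped like the app described above, one benign.
SUSPECT = (_manifest(sorted(SENSITIVE_PERMS)), _admin(sorted(ADMIN_POLICIES)))
BENIGN = (_manifest(["CAMERA", "INTERNET"]), _admin(["force-lock"]))

if __name__ == "__main__":
    for label, (man, adm) in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(man, adm))
```

A hit is a prompt for manual review, since legitimate device-management apps can request a similar policy set.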
Despite the overlap in the C2 server used, Lab52 said it doesn't have enough evidence to attribute the malware to the Turla group.
"The application, [which] is on Google Play and is used to earn money, has a referral system that is abused by the malware," the researchers said.
News URL
https://thehackernews.com/2022/04/researchers-uncover-new-android-spyware.html