New Android malware that can track location, record audio and video detected

5 Apr, 2022

New malware of Russian origin has been detected by the security threat intelligence firm Lab52. The malware, Process Manager, can track a person's location and record audio and video.

Lab52’s researchers claim that this malicious software is capable of not just stealing data, but also recording audio and video and tracking location while working in the background on Android devices. The Android malware reaches devices through an APK file, which works as spyware and steals data in the background without the user's knowledge.

Malware is intrusive software developed by cybercriminals to damage and destroy computers and computer systems. Common types of malware that attack computers include viruses, worms, Trojans, spyware, adware, and ransomware. In the case of Process Manager, the researchers found that once it is installed, the app is placed in the applications menu and displays a gear icon that users mistake for the Settings menu.

Lab52 researchers found that the malware, when run for the first time on the device, requests 18 permissions, including access to the phone's location, Wi-Fi information, the picture gallery, and video and audio files, to name a few.
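
The permission pattern described above can be checked when triaging an app's decoded AndroidManifest.xml. The following is an added example, not Lab52's code or part of the original article; the manifest is a constructed sample, and the permission-to-capability mapping and the flagging rule are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities the article names to standard
# Android permission names (the article does not list the 18 permissions).
CAPABILITIES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "wifi_info": {"android.permission.ACCESS_WIFI_STATE"},
    "media_files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "audio_recording": {"android.permission.RECORD_AUDIO"},
    "video_recording": {"android.permission.CAMERA"},
}
# Assumed rule: flag apps that can track location AND record audio AND video.
SURVEILLANCE_SET = {"location", "audio_recording", "video_recording"}

# Constructed sample manifest, not taken from the real sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml):
    """Group requested permissions by capability and apply the flagging rule."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & names)
            for cap, names in CAPABILITIES.items() if perms & names}
    return {"total": len(perms), "capabilities": hits,
            "flagged": SURVEILLANCE_SET.issubset(hits)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```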

“During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla. One threat that makes contact with the 82.146.35[.]240 address, in particular, caught our attention, as it was the only one that contacts against that IP and it was Spyware for Android devices,” Lab52 stated in its official blog post.

The same blog post went on to say that Lab52 could trace the ‘malicious agent’ to the same shared hosting infrastructure used by Turla, a group of cybercriminals of Russian origin. However, the firm could not determine whether Process Manager is backed by Turla or by its campaign.
