Russian malware is currently targeting Android smartphone users. This dangerous spyware can read your text messages, listen to your calls, and record your conversations using your smartphone's microphone.
The war in Ukraine has caused an increase in computer attacks around the world. Many hackers, including Russian and Chinese hackers, are taking advantage of the situation to spread malware and steal user data.
In this complicated context, Lab52 computer security researchers have discovered new malware targeting the Android operating system. Developed in Russia, this virus spreads on the web through seemingly innocuous APK files.
The malware hides in the code of an application called “Process Manager”. Once installed on a victim's smartphone, it collects the data stored on the device. To begin with, it asks for a series of Android permissions, just as many legitimate apps do.
Android: this Russian malware can spy on you using your microphone
The malware requests access to the phone’s location, GPS data, various nearby networks, Wi-Fi information, text messages, phone calls, audio settings, and your contact list. Above all, the virus gives itself the ability to activate your phone’s microphone or take photos with the front and rear cameras without your knowledge. In short, your entire privacy is threatened.
During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla. One threat that makes contact with the 82.146.35[.]240 address in particular caught our attention, as it was the only one that contacts against that IP and it was a spyware for Android devices.
All of the collected information is sent to a remote server in Russia. To keep the user from deleting the app, the malware makes the Process Manager icon disappear from the home screen. Many spyware programs do this so that their victims forget about them. This was the case with the Ginp virus, spotted in late 2019 on Android, and with the dangerous xHelper Trojan.
At the same time, the virus installs an application from the Play Store without the consent of the smartphone's owner. The hackers abuse this application to generate quick profit. To avoid falling into the trap, we advise you to be very careful when installing APKs.
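One way to check an APK's requested permissions before installing it, as an added example that is not from Lab52 or the original article: it groups the permissions in a decoded AndroidManifest.xml into the categories described above and flags a camera or microphone request combined with several personal-data requests. It assumes the manifest has already been decoded to text XML (for example with apktool); the mapping to permission names, the threshold and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the article's categories to standard Android permission
# names; the article itself does not list the exact constants.
GROUPS = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "network/wifi": {"ACCESS_NETWORK_STATE", "ACCESS_WIFI_STATE"},
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "calls": {"READ_CALL_LOG", "READ_PHONE_STATE"},
    "audio settings": {"MODIFY_AUDIO_SETTINGS"},
    "contacts": {"READ_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}
SENSORS = {"microphone", "camera"}
PERSONAL = {"location", "sms", "calls", "contacts"}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    names = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def audit(manifest_xml):
    """Group requested permissions and flag sensor + personal-data combinations."""
    perms = requested_permissions(manifest_xml)
    hits = {g: sorted(perms & want) for g, want in GROUPS.items() if perms & want}
    # Heuristic threshold (assumption): a capture sensor plus two or more
    # personal-data groups is worth a manual look before installing.
    suspicious = bool(SENSORS & hits.keys()) and len(PERSONAL & hits.keys()) >= 2
    return {"groups": hits, "suspicious": suspicious}

def _manifest(*perms):  # builds constructed sample manifests
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{body}<application/></manifest>')
# Constructed samples, not taken from the real APK.
SAMPLE_SUSPECT = _manifest("ACCESS_FINE_LOCATION", "ACCESS_WIFI_STATE", "READ_SMS",
                           "READ_CALL_LOG", "MODIFY_AUDIO_SETTINGS", "READ_CONTACTS",
                           "RECORD_AUDIO", "CAMERA")
SAMPLE_BENIGN = _manifest("CAMERA")

if __name__ == "__main__":
    for label, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, audit(xml))
```

A flagged result is a prompt for manual review, not proof of malice: legitimate messaging or navigation apps can request overlapping sets.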