Cybersecurity researchers from Lab52 have identified a new Android malware called Process Manager, capable of recording audio on the target endpoint, as well as reading and sending SMS messages.
While the malware does seem to share a few similarities with the popular Russian state-sponsored threat actor Turla, it would seem as if the group isn’t behind this particular variant, or the campaign.
The similarity between Process Manager and other Turla malware is in the fact that both use the same shared-hosting infrastructure.
When installed, the Process Manager malware comes with a gear-shaped icon, to try and trick the victims into thinking the app is a core Android item. After that, it looks to obtain more than a dozen permissions, including access to the camera, the device’s location, the ability to read and send SMS messages, to read call logs and contacts, to record audio and read and write external storage.
It’s unclear how it obtains these permissions - if it tries to trick the victim into granting them, or if it abuses the Android Accessibility service to grant itself the permissions.
This is where the differences between this threat actor and Turla begin to show. If the malware gets the permissions, it removes its icon and runs in the background. Still, the user can know the app is running, due to the permanent notification that sits in the pulldown menu.
The goal that the threat actor is trying to achieve with Process Manager also doesn’t befit Turla. The Russian APT is usually engaged in cyber espionage. This malware installs Dhan: Earn Wallet cash, a popular money-generating referral system app found in the Play Store. It downloads the app through the referral system, to earn commission for the attackers.
It’s also unclear how Process Manager is being distributed, but it’s most likely making the rounds through identity theft, social engineering, and phishing sites.
Via: BleepingComputer