
Attention! New Android malware this time comes from Russia

Some time ago we saw 16 malware apps that could extort personal data and money. Unfortunately, in the Android world this is very common. Developers who want to fool us often disguise an old virus under a new name: remember the case of the Escobar malware. Today we look at another one that, unfortunately, comes from Russia. We avoid comments of a political nature, as they do not interest us, and only inform you of the dangers you run if you are not careful.

You are never too careful! A new malware from Russia has been discovered that steals sensitive data of Android users

Experts from Lab52, a division of the world-renowned Spanish cybersecurity company S2 Grupo, have found a new threat to the privacy of Android users. A Russian malware called "Process Manager" was detailed in a report released last Friday by the aforementioned company. According to the experts' analysis, the malware comes in the form of an APK, an Android application installation package. The application has a "gear" icon that resembles the Android Settings icon.

Russian malware that steals data from android users

When run for the first time, the malware app requests 18 permissions from the user, including: network connection status, camera, location, SMS messages, microphone, foreground usage, and system stored data. Granting access to all of these features is, in itself, a risk for privacy and can cause serious damage.

After receiving all permissions, the application icon disappears and only a permanent notification is displayed, indicating that the software is running in the background. This is an unusual feature for malware, which tends to maintain maximum secrecy while stealing data and spying on the user. However, precisely because of this peculiarity, the user tends to do nothing.

The Russian malware shown running as a background process

All information collected by the application is sent in JSON format (JavaScript Object Notation, used for data transfers between a server and a web application) to a server located in Russia. Process Manager, the name we gave the malware, also has a line of code that tries to install an app called "Roz Dhan", available on the Google Play Store. Hackers use this application not only to steal sensitive data but also to generate profits through commissions and microtransactions.


While it is not yet clear how the malware spreads, we recommend checking the permissions of suspicious apps installed on the smartphone. Android 12 simplifies this monitoring by displaying an indicator (top right) showing that the camera or microphone is turned on, even when the user is not using them.
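
The permission check recommended above can also be done in bulk from a computer. The following is an added example, not code from Lab52 or from this article: it parses text in the layout of `adb shell dumpsys package` output and lists apps whose granted permissions span several of the categories named above. The mapping of categories to Android permission names, the threshold of 4 and the sample package names are assumptions of the example.

```python
import re

# Permission categories named in the article, mapped to Android permission
# names. The mapping and the threshold are assumptions of this example.
SENSITIVE = {
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_by_package(dumpsys_text):
    """Map each package to the set of permissions marked granted=true."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            result.setdefault(current, set())
        elif (m := PERM_RE.match(line)) and current and m.group(2) == "true":
            result[current].add(m.group(1))
    return result

def flag_broad_access(dumpsys_text, threshold=4):
    """Return (package, categories) pairs spanning >= threshold categories."""
    flagged = []
    for pkg, perms in granted_by_package(dumpsys_text).items():
        cats = sorted(c for c, names in SENSITIVE.items() if perms & names)
        if len(cats) >= threshold:
            flagged.append((pkg, cats))
    return flagged

# Constructed sample in the layout of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.notes] (a1b2c3):
      android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
  Package [com.example.gearicon] (d4e5f6):
      android.permission.ACCESS_NETWORK_STATE: granted=true
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
"""
```

A flagged app is not necessarily malicious; the list only shows which apps deserve a closer look in the phone's permission settings.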

Source | Bleeping Computer

Gianluca Cobucci