• Home
  • Apps
  • Apps News
  • Android Malware Linked to Russian Attackers Discovered, Can Record Audio and Track Your Location

Android Malware Linked to Russian Attackers Discovered, Can Record Audio and Track Your Location

Named Process Manager, the malware runs in the background once installed.

Android Malware Linked to Russian Attackers Discovered, Can Record Audio and Track Your Location

Photo Credit: Unsplash/ Pathum Danthanarayana

Android users should be careful while installing any new apps on their devices

  • Android malware uses the same infrastructure that is linked to Turla
  • It is installed as an app but works in the background
  • The malware converts user data into JSON for sharing with hackers

A new Android malware has been detected and detailed by a team of security researchers that records audio and tracks location once planted in the device. The malware uses the same shared-hosting infrastructure that was previously found to be used by a team of Russian hackers known as Turla. However, it is unclear whether the Russian state-supported group has a direct relation with the newly discovered malware. It reaches through a malicious APK file that works as an Android spyware and performs actions in the background, without giving any clear references to users.

Researchers at threat intelligence firm Lab52 have identified the Android malware that is named Process Manager. Once installed, it appeared on the device's app drawer as a gear-shaped icon — disguised as a preloaded system service.

The researchers found that the app asks for a total of 18 permission when run for the first time on the device. These permissions include access to the phone location, Wi-Fi information, take pictures and videos from the inbuilt camera sensors, and voice recorder to record audio.

It is not clear whether the app receives permissions by abusing the Android Accessibility service or by tricking users to grant their access.

However, after the malicious app runs for the first time, its icon is removed from the app drawer. The app, though, still runs in the background, with its active status available in the notification bar.

The researchers noticed that the app configures the device on the basis of the permissions it receives to start executing a list of tasks. These include the details about the phone on which it has been installed as well as the ability to record audio and collect information including Wi-Fi settings and contacts.

Particularly on the audio recording part, the researchers discovered that the app records audio from the device and extracts it in the MP3 format in the cache directory.

The malware collects all the data and sends it in JSON format to a server that is located in Russia.

Although the exact source from which the malware reaches the devices is unknown, the researchers found that its creators have abused the referral system of an app called Roz Dhan: Earn Wallet Cash that is available for download on Google Play and has over 10 million downloads. The malware is said to download the legitimate app that eventually helps attackers install it on the device and makes profit out of its referral system.

It seems relatively uncommon for spyware since the attackers seem to be focused on cyber espionage. As Bleeping Computer notes, the strange behaviour of downloading an app to earn commissions from its referral system suggests that malware could be a part of a larger system that is yet to be discovered.

That said, Android users are recommended to avoid installing any unknown or suspicious apps on their devices. Users should also review the app permissions they grant to limit access of third parties to their hardware.

Can OnePlus 10 Pro beat iPhone 13 Pro and Galaxy S22 Ultra? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Solana Labs, Coinbase Ventures Among Investors to Pour $35 Million in ‘Fractal’ NFT Platform
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.
Trending Products »
Latest Tech News »