Android Malware Linked to Russian Attackers Discovered, Can Record Audio and Track Your Location

Named Process Manager, the malware runs in the background once installed.

Advertisement
By Jagmeet Singh | Updated: 4 April 2022 18:42 IST
Highlights
  • Android malware uses the same infrastructure that is linked to Turla
  • It is installed as an app but works in the background
  • The malware converts user data into JSON for sharing with hackers
Android Malware Linked to Russian Attackers Discovered, Can Record Audio and Track Your Location

Android users should be careful while installing any new apps on their devices

Photo Credit: Unsplash/ Pathum Danthanarayana

A new Android malware has been detected and detailed by a team of security researchers that records audio and tracks location once planted in the device. The malware uses the same shared-hosting infrastructure that was previously found to be used by a team of Russian hackers known as Turla. However, it is unclear whether the Russian state-supported group has a direct relation with the newly discovered malware. It reaches through a malicious APK file that works as an Android spyware and performs actions in the background, without giving any clear references to users.

Researchers at threat intelligence firm Lab52 have identified the Android malware that is named Process Manager. Once installed, it appeared on the device's app drawer as a gear-shaped icon — disguised as a preloaded system service.

The researchers found that the app asks for a total of 18 permission when run for the first time on the device. These permissions include access to the phone location, Wi-Fi information, take pictures and videos from the inbuilt camera sensors, and voice recorder to record audio.

It is not clear whether the app receives permissions by abusing the Android Accessibility service or by tricking users to grant their access.

Advertisement

However, after the malicious app runs for the first time, its icon is removed from the app drawer. The app, though, still runs in the background, with its active status available in the notification bar.

The researchers noticed that the app configures the device on the basis of the permissions it receives to start executing a list of tasks. These include the details about the phone on which it has been installed as well as the ability to record audio and collect information including Wi-Fi settings and contacts.

Advertisement

Particularly on the audio recording part, the researchers discovered that the app records audio from the device and extracts it in the MP3 format in the cache directory.

The malware collects all the data and sends it in JSON format to a server that is located in Russia.

Advertisement

Although the exact source from which the malware reaches the devices is unknown, the researchers found that its creators have abused the referral system of an app called Roz Dhan: Earn Wallet Cash that is available for download on Google Play and has over 10 million downloads. The malware is said to download the legitimate app that eventually helps attackers install it on the device and makes profit out of its referral system.

It seems relatively uncommon for spyware since the attackers seem to be focused on cyber espionage. As Bleeping Computer notes, the strange behaviour of downloading an app to earn commissions from its referral system suggests that malware could be a part of a larger system that is yet to be discovered.

That said, Android users are recommended to avoid installing any unknown or suspicious apps on their devices. Users should also review the app permissions they grant to limit access of third parties to their hardware.


Can OnePlus 10 Pro beat iPhone 13 Pro and Galaxy S22 Ultra? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y400 Pro 5G India Launch Date Confirmed; Design Revealed
  2. Vivo X200 FE Global Launch Confirmed; Design Teased
  3. Poco F7 Launch Date, Price in India, Design and Key Features Leaked Online
  4. Vivo T4 Lite 5G to Launch in India Soon; Battery Capacity Revealed
  5. OnePlus Nord 5 Series, OnePlus Buds 4 to Launch in India on This Date
  6. Oppo Reno 14 5G Series, Watch X2 Mini, Enco Buds 3, Pad SE to Launch Globally
  7. Oppo K13x 5G India Launch Date, Price Range and Key Features Revealed
  8. Apple to Ship 2.8 Million iPhone Units in India in Q2 Despite Slowdown
  9. Hisense U7Q Mini-LED TV Launched in India With These Features
  1. Bitget Partners UNICEF Unit to Expand Blockchain Training Across India, Other Countries 
  2. WhatsApp Reportedly Working on Ability to Scan Documents on Android Smartphones
  3. ElevenLabs Expands Eleven V3 Text-to-Speech Model With Support for 41 New Languages
  4. Vivo T4 Lite 5G India Launch Confirmed; Battery Capacity, Price Range Teased
  5. TikTok Pushes Deeper Into AI-Generated Video Ads With New Tools
  6. Apple Risks Fresh EU Charge Sheet Over App Store Curbs
  7. The Witcher 4 Will Target 60 FPS on Consoles, but Series S Will Be 'Extremely Challenging' Says CD Projekt Red
  8. Oppo Reno 14 5G Series Global Launch Teased Alongside Watch X2 Mini, Enco Buds 3 and Pad SE
  9. Microsoft Begins Testing AI Agents in Windows 11, Brings Option to Share Recall Snapshots in Europe
  10. watchOS 26 to Bring Control Center Customisation Options with User-Defined Toggles
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.