Russian hackers have been linked to several high-profile cyberattacks, including interference in the 2016 US presidential election campaign. The Kremlin's motives for these attacks are not always clear, but generally they are aimed at creating chaos, instilling suspicion, and, incidentally, lining the pockets of the hackers – or their sponsors.
Russian state-backed hackers aren't just targeting the United States or Ukraine. The Turla Group - state-backed Russian hackers first identified in 2020 - used particularly sophisticated Android malware hidden in a seemingly harmless app.
Bleeping Computer reports that Lab52 cybersecurity researchers have discovered spyware masquerading as a helpful Android tool called Process Manager. The malware is designed to look like a harmless APK, but once installed, it collects sensitive information and sends it to the attackers. Once downloaded, the app asks for 18 permissions, including access to messaging, location, and audio recording features. Researchers aren't sure how the malware grants itself permissions; it is probably exploiting the Android Accessibility Service.
Once the malware has what it needs, it pulls off another sneaky move and removes its icon before running unnoticed in the background. In this way, it capitalizes on the user's lack of attention - sort of an "out of sight, out of mind" approach. Except for one thing - the constant "Process Manager is running" notification.
Bleeping Computer speculates that the malicious APK is part of a larger system due to its command-and-control server infrastructure and advises anyone who owns an Android device to check the permissions they have given their apps and, if necessary, to revoke them all.
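One way to run that permission check across a device, as an added example that is not from Bleeping Computer or Lab52: it flags apps that hold messaging, location and audio recording permissions together, or that have an accessibility service enabled. It assumes the text of `adb shell dumpsys package <package>` and the value of `adb shell settings get secure enabled_accessibility_services` have already been collected; the package names and dump excerpts are constructed samples.

```python
import re

# Permission groups the article names: messaging, location, audio recording.
GROUPS = {
    "messaging": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "audio": {"RECORD_AUDIO"},
}
PERM_LINE = re.compile(r"^\s*android\.permission\.([A-Z0-9_]+): granted=(true|false)", re.M)

def granted_permissions(dumpsys_text):
    """Return android.permission.* names that dumpsys marks granted=true."""
    return {name for name, state in PERM_LINE.findall(dumpsys_text) if state == "true"}

def accessibility_packages(setting_value):
    """Packages in the colon-separated enabled_accessibility_services value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(dumps, accessibility_setting):
    """Map package -> findings worth a manual review in Settings."""
    a11y, report = accessibility_packages(accessibility_setting), {}
    for pkg, text in dumps.items():
        granted = granted_permissions(text)
        hit = sorted(g for g, perms in GROUPS.items() if granted & perms)
        findings = ["holds " + "+".join(hit)] if len(hit) == len(GROUPS) else []
        if pkg in a11y:
            findings.append("accessibility service enabled")
        if findings:
            report[pkg] = findings
    return report

# Constructed sample input (hypothetical packages, trimmed dumpsys excerpts).
SAMPLE_DUMPS = {
    "com.example.procmgr": """runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.RECORD_AUDIO: granted=true""",
    "com.example.notes": """runtime permissions:
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_SMS: granted=false""",
}
SAMPLE_A11Y = "com.example.procmgr/.HelperService"

if __name__ == "__main__":
    for pkg, findings in audit(SAMPLE_DUMPS, SAMPLE_A11Y).items():
        print(pkg, "->", "; ".join(findings))
```

A flagged app is a prompt for manual review, not proof of compromise: many legitimate apps hold one or two of these groups, which is why the check requires all three together.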
Source: Bleeping Computer
"Mysterious malware keeps collecting data" appeared first on xiaomist's blog.