The spread of viruses and malware intensified since the start of the war in Ukraine. BitcoinAndroid and Windows devices, Mac… for several weeks everything has been going well.
This time, Russian malware is directly attacking Android users by spying on their conversations and being able to record them using the microphone of their smartphones.
Russian hackers attack Android
Computer attacks have multiplied since the start of the war in Ukraine. While Anonymous fights against Russia through a well-conducted cyber war, Russian hackers take advantage of the situation to spread viruses, malware and other malicious software in order to seize the personal data of Internet users.
Computer security researchers are doubling their vigilance, and those at Lab52 discovered a particularly virulent new malware that directly attacks the Android operating system. At its origin, Turla, a collective of Russian hackers supported by their government which was identified in 2020. The scheme used this time is not unlike that of Sharkbot, the malware capable of stealing bank details which was hiding in fake antivirus apps on google play store.
Malware that takes photos without your knowledge
This time, the software is hiding within the code of the “Process Manager” app, whose method of distribution to its victims is still unclear since it does not seem to have ended up on any store. Once installed, the malware will seize the data stored in the smartphone by asking for a multitude of Android permissions including the location of the phone, the SMS and calls, the list of contacts, the audio parameters, the coordinates of the GPS, the information on Wi-Fi and local networks.
The malware will above all appropriate access to the phone’s microphone and the camera in order to use them without the knowledge of its victims to take stolen pictures via the front and rear sensors of the device or even record conversations. All collected data will then be sent to a remote server located in Russia. And to make itself forgotten by trapped users or prevent them from deciding to delete the application, the malware sneakily makes the Process Manager icon disappear to better act in the background. Researchers agree that this virus is unique in that, as a bonus, it installs other applications from the Play Store without the owner’s consent, including one hijacked by hackers and allowing them to line their pockets. quickly.
Source: AndroidPolice
11