Google Play Store removes over a dozen malicious Android utility apps

By Scott Marlette Last updated Oct 29, 2021

Security researchers have helped kick out 19 apps from the Google Play Store that installed a rare rooting malware to take over the smartphone.

Discovered by cybersecurity investigators at Lookout, the malware dubbed AbstractEmu rooted an infected Android device to conduct several malicious activities such as monitoring notifications, capturing screenshots, recording the screen, and even reset the password of the device, or lock it completely.

“By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction,” observe the researchers.

The infected apps were disguised as utility apps, such as password managers, data savers, app launchers, and such, and were fully functional. Of the 19 apps that were taken down, the researchers claim that seven exhibited rooting capabilities, and one had clocked more than 10,000 downloads.

Rare, but deadly

The researchers claim that while rooting malware has all but disappeared in the last five years, AbstractEmu is proof that they aren’t dead yet. The researchers are also fascinated by the steps the malware takes to avoid detection by using code abstraction and anti-emulation checks.

Once on a device, AbstractEmu calls in the help of one of five exploits for older Android security flaws in order to root and take over the device. After gaining control, it collates all kinds of data about the device, and sends it to a remote server, and waits to receive additional payloads.

“At the time of discovery, the threat actor behind AbstractEmu had already disabled the endpoints necessary to retrieve this additional payload from C2 [command-and-control server], which has prevented us from learning the ultimate aim of the attackers,” the researchers conclude.

Stay protected with our pick of the best identity theft protection tools

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.