This Russia-linked spyware disguised as Android ‘Process manager’ app can track and record you

Android spyware masquerading as a process manager app may be linked to the Russian hacking group Turla, according to Lab52 security researchers. The group has been designated an APT (Advanced Persistent Threat) group, a label that usually denotes a nation-state or state-sponsored entity that plants malware in computer networks, where it can lie dormant and send information back to its creators for a long period of time.

The Process manager app has been observed sending information to IP addresses associated with Turla’s operations, though it can’t be proved with certainty that they belong to the group or that the information obtained is then used for nefarious purposes. In any case, upon installation the app gets a number of permissions, including the following:
  • Access coarse location
  • Access fine location
  • Access network state
  • Access WiFi state
  • Camera
  • Foreground service
  • Internet
  • Modify audio settings
  • Read call log
  • Read contacts
  • Read external storage
  • Write external storage
  • Read phone state
  • Read SMS
  • Receive boot completed
  • Record audio
  • Send SMS
  • Wake lock
As you can see, most of these are a serious threat to your privacy if used with malicious intent, especially location tracking and voice recording, but also the camera permission. The app is otherwise rather inconspicuous: it is marked with a cogwheel icon, as if it were a settings and system app, and the icon disappears once the aforementioned permissions are automatically granted. It then launches a persistent notification in the status bar that may be a telltale sign your phone is being watched.

The reason the Lab52 researchers rate the process manager app as a weak threat despite its possible Turla connection is that the persistent notification showing the app is running is clearly visible, and that the app is part of a monetization infrastructure that hides in popular affiliate networks like the one linked to the popular Roz Dhan: Earn Wallet Cash app.

That’s not typical stealth behavior, yet if you have installed some of those affiliate programs you can still look for the process manager app and revoke its permissions or, better yet, uninstall them all if you are worried about your phone’s security.
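
To check an installed app against the permission list above, this added example (not from the article or from Lab52) parses text in the style of `adb shell dumpsys package <name>` output and reports which sensitive permissions are currently granted. The sample dump, the package name in it, the capability grouping and the flagging rule are all assumptions made for illustration.

```python
import re

# Android permission names matching the article's list, grouped by capability.
# The grouping and the flagging rule below are this example's own assumptions.
CAPABILITIES = {
    "location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "comms": {"READ_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_CONTACTS"},
    "persistence": {"RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE", "WAKE_LOCK"},
    "network": {"INTERNET"},
}
SENSORS = ("location", "microphone", "camera")
SENSITIVE = SENSORS + ("comms",)
PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)(?::\s*granted=(true|false))?")

# Constructed sample in the style of `adb shell dumpsys package <name>` output.
SAMPLE_DUMP = """\
Package [com.example.placeholder]:
  requested permissions:
    android.permission.ACCESS_FINE_LOCATION
    android.permission.RECORD_AUDIO
    android.permission.CAMERA
    android.permission.READ_SMS
    android.permission.INTERNET
    android.permission.RECEIVE_BOOT_COMPLETED
  install permissions:
    android.permission.INTERNET: granted=true
    android.permission.RECEIVE_BOOT_COMPLETED: granted=true
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.RECORD_AUDIO: granted=true
    android.permission.CAMERA: granted=false
    android.permission.READ_SMS: granted=true
"""

def parse_permissions(dump):
    """Return (requested, granted) sets of permission names found in the text."""
    requested, granted = set(), set()
    for name, state in PERM_RE.findall(dump):
        requested.add(name)
        if state == "true":
            granted.add(name)
    return requested, granted

def audit(dump):
    """Flag apps combining two or more sensors with network access and persistence."""
    requested, granted = parse_permissions(dump)
    caps = {c: sorted(requested & p) for c, p in CAPABILITIES.items() if requested & p}
    sensors = [c for c in SENSORS if c in caps]
    flagged = len(sensors) >= 2 and "network" in caps and "persistence" in caps
    revoke = sorted(p for p in granted if any(p in CAPABILITIES[c] for c in SENSITIVE))
    return {"capabilities": caps, "flagged": flagged, "granted_sensitive": revoke}
```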
