Russian Spyware Hidden in Android Process Management Apps

Designated to specialize in creating Advanced Persistent Threats (APTs), groups like Turla, under the umbrella of an organization, will exploit malware in these Internet and then silently send information to their creators over a long period of time.

The process manager application sent information to the IP address related to Turla’s activities, although it cannot be proven with certainty that they belong to this group or that the information obtained was subsequently used for nefarious purposes. However, in some cases when installing the application receives some access to the following tasks:

Access coarse location

Access fine location

Access network state

Access WiFi state

Camera

Foreground service

Internet

Modify audio settings

Read call log

Read contacts

Read external storage

Write external storage

Read phone state

Read SMS (Read SMS)

Receive boot completed

Record audio (record audio)

Send SMS (Send SMS)

Wake log (Wake log)

The above tasks, when illegally intruded, are all serious threats to user privacy, especially when they serve malicious purposes, especially location tracking, voice recording and use the camera.

On the other hand, this process management application is quite discreet, marked with a gear icon as if it were an settings and system application that will disappear when automatically granting the aforementioned permissions.

The app will then launch a persistent notification in the status bar. This could be a sign that the user’s phone is being tracked.

Although it is possible to link to the hacker group, Lab52 researchers still think that the process management application is a weak threat when the notification about the running application is clearly displayed, plus the application is part of the monetization infrastructure hidden in popular affiliate networks like the one with the Roz Dhan . app

It’s not a typical anonymous intrusion if the user has some affiliate programs installed, you can still find a process manager app and revoke permissions or better yet uninstall them all. both of them if you are concerned about the security of your phone.