The Turla hacking group may be behind a notorious spyware deployment that targets Android devices. According to the latest report, experts believe it came from Russian state-sponsored hackers.
Besides being used for spying, the malware can also access other features of your phone, including the internet, camera, and messages.
Android spy software linked to the Turla group
The Lab52 team discovered that known Android spyware could be connected to a Russian state-sponsored hacking group known as Turla.
Before this recent case, the notorious group of cybercriminals was implicated in the controversial SolarWinds supply chain attack that took place in December 2020.
Cybersecurity researchers from Lab52 have now discovered that the same group operates Android spyware, which is used to track a device's location. The findings led to the detection of "Process Manager", an APK believed to mimic said malware.
According to a report by Bleeping Computer, experts have not yet discovered how the spyware is distributed. However, they found that Process Manager is able to hide from unwitting users, which makes it even harder to spot if you don't pay close attention to your system components.
Moreover, this suspicious app can request 18 permissions on your Android device, including:
- Access coarse location
- Access fine location
- Access network state
- Access WiFi state
- Foreground service
- Internet
- Modify audio settings
- Read call log
- Read contacts
- Read external storage
- Write external storage
- Read phone state
- Read SMS
- Receive boot completed
- Record audio
- Send SMS
- Wake lock
If all of these permissions are granted on a device, its user is at high risk of being tracked. Moreover, hackers can learn more private information about them, including details about their bank accounts, email addresses, passwords, etc.
Once the permissions are granted, the Android spyware continues to run in the background. You'll only know it's running by its "permanent" notification.
As of press time, security analysts have yet to determine how the APK is distributed. If the Turla group is indeed behind this incident, it could use many methods, including phishing and social engineering.
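As an added example (not from the article or from Lab52's report), the following Python script checks a decoded AndroidManifest.xml against the permissions listed above and flags an app for manual review when it requests location, audio capture, message access and persistence together. The mapping of the list to `android.permission.*` names, the capability grouping and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Article's permission list as android.permission.* names (mapping is an assumption).
REPORTED = set("""
ACCESS_COARSE_LOCATION ACCESS_FINE_LOCATION ACCESS_NETWORK_STATE
ACCESS_WIFI_STATE FOREGROUND_SERVICE INTERNET MODIFY_AUDIO_SETTINGS
READ_CALL_LOG READ_CONTACTS READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE
READ_PHONE_STATE READ_SMS RECEIVE_BOOT_COMPLETED RECORD_AUDIO SEND_SMS
WAKE_LOCK""".split())

# Hypothetical grouping into capabilities, used only for triage here.
CAPABILITIES = {
    "location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"},
    "audio capture": {"RECORD_AUDIO"},
    "messages and calls": {"READ_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_CONTACTS"},
    "persistence": {"RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE", "WAKE_LOCK"},
}

def requested_permissions(manifest_xml):
    """Short names of android.permission.* entries in a decoded manifest."""
    names = set()
    for node in ET.fromstring(manifest_xml).iter():
        if node.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def triage(manifest_xml):
    """Flag an app for review only if every capability group is requested."""
    perms = requested_permissions(manifest_xml)
    caps = sorted(c for c, members in CAPABILITIES.items() if perms & members)
    return {
        "overlap": sorted(perms & REPORTED),
        "capabilities": caps,
        "review": len(caps) == len(CAPABILITIES),
    }

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""
print(triage(SAMPLE))
```

A match is a reason to look closer at an app, not proof that it is spyware, since many legitimate apps request some of these permissions.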
Android application used in cyber espionage
The Lab52 team also discovered an app that is being abused for profit. The so-called "Roz Dhan: Earn Wallet Cash" can be found on the Google Play Store, Portuguese tech site TugaTech reported. The application seems too good to be true, since the user could earn money through a referral system.
According to the cybersecurity researchers, it is quite strange for the hackers to pull off this gimmick, since their main aim is to spy on their victims.
According to experts, Android users should always be careful about the apps they download. They should also review app permissions regularly to avoid security and privacy risks.
This article belongs to Tech Times
Written by Joseph Henry
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.