This Russia-linked spyware disguised as Android 'Process manager' app can track and record you

This Russian malware disguised as Android 'Process manager' process can track and record you
Android spyware masquerading as a process manager app may have a possible link to the Russian hacking group Turla , advise Lab52 security researchers. The group has been designated an APT (Advanced Persistent Threat) maker which usually denotes a nation state or state-sponsored entity that lodges malware exploits in computer networks that are then able to lie dormant and send information to their creators for a long period of time.

The Process manager app has been detected to send information to IP addresses associated with Turla's operations, though it can't be proved with certainty that they belong to the group or that the information obtained is then used for nefarious purposes. In any case, upon installation the app gets a number of permissions that include the following:

  • Access coarse location
  • Access fine location
  • Access network state
  • Access WiFi state
  • Camera
  • Foreground service
  • Internet
  • Modify audio settings
  • Read call log
  • Read contacts
  • Read external storage
  • Write external storage
  • Read phone state
  • Read SMS
  • Receive boot completed
  • Record audio
  • Send SMS
  • Wake log

As you can see, most of these are a serious threat to your privacy if used with malicious intent, especially the location tracking and voice recording, but the camera use permissions, too. The app is rather inconspicuous otherwise, marked with a cogwheel icon as if a settings and system app, which disappears upon the automatic granting of the aforementioned permissions. It then launches a persistent notification in the status bar that may be a telltale sign your phone is being watched. 

Recommended Stories
The reason that the Lab52 researchers indicate the process management app as weak threat despite its possible Turla connection, is that the persistent notification that the app is running is clearly visible, plus the app is part of a monetization infrastructure that hides in popular affiliate networks like the one linked to the popular Roz Dhan: Earn Wallet Cash app above. 

That's not a typical stealth behavior yet if you have installed some of those affiliate programs you can still look for the process manager app and revoke permissions or, better yet, uninstall them all if you are worried about your phone's security.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless