The Turla hacking group might be the culprit behind the deployment of notorious spyware that hit Android devices. According to the latest report, the experts believed that it came from Russian state-sponsored hackers.
Aside from using this malware for espionage, it can also gain access to the other features of your phone, including the internet, camera, messages, and more.
Android Spyware Linked to Turla Group
Prior to a recent case connected to Turla, the notorious group of cybercriminals was once involved in the controversial SolarWinds supply chain attack that took place in December 2020.
However, the Lab52 cybersecurity researchers have found out that the same group is operating Android spyware, which is used to track the location of a device. The findings led to the detection of the "Process Manager," an APK which is believed to be emulating the said malware.
According to a report by Bleeping Computer, the experts have not yet uncovered the distribution process of the spyware. However, they discovered that the Process Manager has the ability to keep itself concealed from unaware users. This makes it even hard to recognize if you're not paying close attention to your system component.
Moreover, it should be noted that this suspicious application can trigger 18 permissions in your Android device, which include:
- Access coarse location
- Access fine location
- Access network state
- Access WiFi state
- Camera
- Foreground service
- Internet
- Modify audio settings
- Read call log
- Read contacts
- Read external storage
- Write external storage
- Read phone state
- Read SMS
- Receive boot completed
- Record audio
- Send SMS
- Wake log
If all permissions are allowed on your device, the users are exposed to a high risk of being tracked. Additionally, the hackers can know more private information about them, including details about their bank accounts, email addresses, passwords, and more.
Once the permissions have taken effect, the Android spyware will continue to operate in the background. You will only know that it's running because of its "permanent" notification.
As of press time, the security analysts have not yet determined how the APK is distributed in the system. If the Turla group is indeed behind this incident, it could deploy many methods, including phishing and social engineering.
Related Article: Viasat Hit with Russia's Wiper Malware called 'AcidRain,' Affecting European Services
Android App Used in Cyber Espionage
The Lab52 team also discovered that there's an app that is abused for profit. The so-called "Roz Dhan: Earn Wallet Cash" can be searched on the Google Play Store, Portuguese tech site TugaTech reported. The application sounds too good to be true since the user could gain money via a referral system.
According to cybersecurity researchers, it's quite strange to pull off this gimmick since the main focus of hackers is to spy on their victims.
Per experts, Android users should always be careful about the apps that they are downloading. They should also regularly review the app permissions to avoid security and privacy risks.
Read Also: US Warns of Russian State-Sponsored Hackers Using Exploits of 'PrintNightMare,' MFA Defaults
This article is owned by Tech Times
Written by Joseph Henry