Researchers at Lab52 discovered a sneaky Android app thatโ€™s collecting a vast amount of sensitive data from a victimโ€™s device and transporting back to hackers C2.

Masquerading with the name of Process Manager, this app is seemingly harmless until it grants itself a bunch of permissions, and starts running in the background constantly. Also, it deletes the app icon itself to avoid detection. Researchers linked this app to a Russian state-backed hacking gang called The Turla group.

New Malicious Android App From Russian Hackers

In the world of cybersecurity, nearly half of the cyber incidents are somehow linked to some Russian connections. Whether it be an underground forum, profit-based hackers, or state-backed hacking groups, Russian cyber teams are everywhere, most of the time.

A notable team among them is The Turla group, a Russian state-backed hacking group that was first discovered in 2020, is now back with a malicious Android app. Named the Process Manager, this seemingly harmless app is in the wild aiming the steal sensitive data from victimsโ€™ devices.

Spotted and detailed by Lab52 researchers, this spyware is masquerading as a helpful tool but grants itself a number of permissions without the userโ€™s knowledge. How itโ€™s able to do it isnโ€™t known yet, but researchers state itโ€™s possible by leveraging the Android Accessibility service.

So if a user unknowingly grants the app permission to Accessibility service, this app in turn grants itself 18 other permissions like location access, reading messages, audio recording, etc. And once itโ€™s done permitting itself everything it needed, it wipes out the app icon automatically to stay undetected.

Yet, it runs silently in the background, and a permanent notification saying โ€œProcess Manager is runningโ€ remains. Researchers also said the app downloads multiple extra malicious payloads and are yet to study further.

LEAVE A REPLY

Please enter your comment!
Please enter your name here