"AbstractEmu" Android malware can seize full control of your phone — what to do


Newly discovered Android malware exploits five different known security flaws to gain "root" privileges on smartphones, giving it far more access to the system than any normal app has.

The malware, named AbstractEmu by its discoverers at information-security firm Lookout, has been found in the Amazon App Store, the Samsung Galaxy Store, and third-party Android app stores such as Aptoide and APKPure. It hides inside utility, security, and privacy apps offered in those markets.

One of the apps, called Lite Launcher, was downloaded more than 10,000 times from the official Google Play Store before Google removed it after being notified by Lookout. Despite containing malware, these Trojanized apps are well built and function as advertised, so you would probably not notice anything wrong with them. Yesterday (October 28), Kristina Balaam and Paul Shunk of Lookout wrote in a blog post: "This is an important finding because over the past five years, widely distributed malware with root functionality has become rare."

Installing one of these poisoned apps starts a three-step infection process that ends with spyware posing as a storage manager called "Setting Storage," which "gives access to contacts, call history, SMS messages, location, camera, and microphone."

Because the spyware runs with root privileges, it can reset the device password and lock you out of your own phone, draw on top of other windows, install more apps, capture screenshots, display notifications, record screen activity, disable Google Play Protect, and more.

The ultimate purpose of the campaign is unknown, because the command-and-control server was taken offline before Lookout's researchers could capture the final payload.

However, the malware's capabilities go far beyond what is needed to steal sensitive information such as passwords and credit-card numbers from Android phones, or to sign Android users up for premium-SMS scams, which is what most Android malware does these days.

Of the 19 known apps distributed in this malware campaign, seven have rooting capabilities. They are:

If an app on your phone matches one of these names, check whether it really is the same app. Many apps share a display name, but the package name (the reverse-domain text string, such as the ones beginning with "com." above) is unique to each app.

Using a desktop browser, go to the app store where you got the app and search for it. If the app is no longer in that store, remove it from your device.

If the app is still listed, see whether the icon on the listing page matches the one on your phone. If it does, check the URL (web address) of the listing page; somewhere in the URL should be the Android package name (on Google Play it is the value of the "id=" parameter, for example "details?id=com.example.app"). If it matches one of the package names above, remove the app.

This last step does not work with the Amazon App Store, which does not seem to list an app's Android package name anywhere. Use your own judgment there.

You should also keep your Android phone as up to date as possible. All of the flaws used by this malware were fixed as of the Android security update of March 2020, so check your phone's Android security patch level (shown under Settings > About phone on most devices). If your phone has not received a security update since then, it may be time to consider buying a new one.
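For anyone who would rather check a phone over USB than scroll through store listings, the following script is an added example (it is not from the article or from Lookout) that automates the two checks described above: it parses the output of `adb shell pm list packages -3` and compares it against a list of suspect package names, pulls the package name out of a store listing URL as described in the previous steps, and compares the value of `adb shell getprop ro.build.version.security_patch` against the March 2020 patch level. The package names in SUSPECT_PACKAGES and the sample `pm` output are constructed placeholders (assumptions), not the campaign's real package names; replace them with the package names from Lookout's advisory. The fallback rule for non-Play stores (take the last reverse-domain-looking path segment) is also an assumption about how those stores build their URLs.

```python
import re
from datetime import date
from typing import Optional, Set
from urllib.parse import parse_qs, urlparse

# ASSUMPTION: hypothetical package names standing in for the real ones from the
# advisory. Replace with the package names Lookout published.
SUSPECT_PACKAGES = {
    "com.example.litelauncher",
    "com.example.settingstorage",
}

# The article states all exploited flaws were fixed by the March 2020 update.
REQUIRED_PATCH_LEVEL = date(2020, 3, 1)

# Constructed sample of `adb shell pm list packages -3` output (third-party apps only).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.example.litelauncher
package:org.mozilla.firefox
"""

_PKG_LINE = re.compile(r"^package:(?P<name>[A-Za-z][\w.]*)$")
_REVERSE_DOMAIN = re.compile(r"[A-Za-z]\w*(\.[A-Za-z]\w*)+")


def parse_pm_list(output: str) -> Set[str]:
    """Parse `pm list packages` output: one `package:<name>` per line."""
    packages = set()
    for line in output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            packages.add(m.group("name"))
    return packages


def suspect_installed(pm_output: str, suspects=SUSPECT_PACKAGES) -> Set[str]:
    """Return the suspect package names that are actually installed."""
    return parse_pm_list(pm_output) & set(suspects)


def package_from_store_url(url: str) -> Optional[str]:
    """Extract the Android package name from a store listing URL.

    Google Play carries it in the `id` query parameter
    (https://play.google.com/store/apps/details?id=<package>). For other stores
    we ASSUME the package name appears as a reverse-domain path segment and take
    the last such segment. Returns None when nothing matches, which is what the
    article describes for Amazon App Store listings.
    """
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    if "id" in query:
        return query["id"][0]
    for segment in reversed([s for s in parsed.path.split("/") if s]):
        if _REVERSE_DOMAIN.fullmatch(segment):
            return segment
    return None


def patch_level_ok(security_patch: str, required: date = REQUIRED_PATCH_LEVEL) -> bool:
    """`getprop ro.build.version.security_patch` returns YYYY-MM-DD; compare it."""
    try:
        year, month, day = (int(part) for part in security_patch.strip().split("-"))
        return date(year, month, day) >= required
    except ValueError:
        # Unparseable or empty value: treat as not patched rather than guessing.
        return False


if __name__ == "__main__":
    # Stand-alone demo on the constructed sample; on a real phone feed in the
    # output of the two adb commands named in the docstrings.
    print("suspect apps installed:", suspect_installed(SAMPLE_PM_OUTPUT))
    print("Play URL ->", package_from_store_url(
        "https://play.google.com/store/apps/details?id=com.example.litelauncher&hl=en"))
    print("patch level 2021-10-01 ok:", patch_level_ok("2021-10-01"))
```

On a real device, `pm list packages -3` restricts the listing to third-party apps, which is where a Trojanized utility app would appear; an empty intersection only means none of the listed package names is present, not that the phone is clean, so the patch-level check still matters.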

As always, to stay one step ahead of the scammers, install one of the best Android antivirus apps and avoid installing apps from third-party app stores.
