2021-11-01

Malware that silently attacks Android devices has been discovered in 19 apps.

Security researchers have discovered a new Android malware that can root devices to gain control and change system settings. The malware also employs anti-emulation and code-abstraction checks.

The malware was discovered and named AbstractEmu by security researchers at Lookout Threat Lab, a cybersecurity firm. It infiltrates a device by posing as legitimate software.

AbstractEmu was found in 19 apps, one of which had been downloaded more than 10,000 times before it was removed from the Google Play Store. The apps were also distributed through third-party stores such as the Samsung Store and the Amazon AppStore.

After being notified by the cybersecurity firm, Google promptly removed the apps from its store to protect users. “The majority of the 19 malware-related programs we discovered were disguised as utility apps like password or money managers, as well as system functions like file managers and app launchers,” Lookout wrote, adding that “all of them appeared to be working for the users.”

“Rooting malware is extremely harmful, despite its rarity. The threat actor might covertly grant themselves hazardous rights or install more malware by leveraging the rooting procedure to acquire privileged access to the Android operating system. These actions would typically need user participation. Elevated privileges also enable the malware to access sensitive data from other apps, which is not feasible under normal conditions,” according to a blog post from Lookout.

“AbstractEmu does not include any sophisticated zero-click remote attack features utilized in advanced APT-style threats,” the security experts explained. “It is launched simply by the user having opened the program.” “Because the malware is camouflaged as useful programs,” they noted, “the majority of users will likely engage with them quickly after installation.”

The threat actors behind AbstractEmu are also a “well-resourced group with financial motivation,” according to the researchers. “Their code-base and evasion strategies — such as the use of burner emails, aliases, phone numbers, and pseudonyms — are highly advanced,” the company added. “We also discovered connections between the malware and banking trojans, such as the malware's untargeted spread of programs and the rights it seeks.” According to the report, the threat actors use the package manager to “silently install a new app and allow it a multitude of intrusive rights, including access to contacts, call logs, SMS messages, location, camera, and microphone,” and “the program will adjust settings to grant itself dangerous powers or degrade the device's security.” Taken together, these capabilities give the malware broad control over an infected device and its data.
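As an added defender-side triage example (not code from Lookout's report), the following Python parses a constructed excerpt of `adb shell dumpsys package` output and flags packages that were not installed by a trusted store yet hold the intrusive permissions the report lists, which is the footprint a silently installed payload would leave. The installer package IDs, the sample package names and the exact dumpsys layout are assumptions.

```python
import re

# Permissions matching the access the report says the payload is silently granted.
INTRUSIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}
# Assumed installer IDs for Google Play, Samsung Store and Amazon AppStore; any other
# installer (or none) means the package was side-loaded or pushed by another app.
TRUSTED_INSTALLERS = {"com.android.vending",
                      "com.sec.android.app.samsungapps",
                      "com.amazon.venezia"}

# Constructed dumpsys excerpt: a store-installed launcher that itself installed a payload.
SAMPLE = """\
Packages:
  Package [com.example.launcher] (1a2b3c):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
  Package [com.example.payload] (4d5e6f):
    installerPackageName=com.example.launcher
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

def parse_dumpsys(text):
    """Return {package: {"installer": str|None, "granted": set}} from dumpsys package text."""
    pkgs, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Package \[([\w.]+)\]", line)      # section header per package
        if m:
            cur = m.group(1)
            pkgs[cur] = {"installer": None, "granted": set()}
            continue
        if cur is None:
            continue
        m = re.search(r"installerPackageName=(\S+)", line)   # who installed it
        if m:
            pkgs[cur]["installer"] = None if m.group(1) == "null" else m.group(1)
        m = re.match(r"\s*([\w.]+): granted=true", line)     # granted runtime permission
        if m:
            pkgs[cur]["granted"].add(m.group(1))
    return pkgs

def suspicious(pkgs):
    """Packages not attributed to a trusted installer that hold intrusive permissions."""
    return {p: sorted(d["granted"] & INTRUSIVE) for p, d in pkgs.items()
            if d["installer"] not in TRUSTED_INSTALLERS and d["granted"] & INTRUSIVE}
```

On a real device, feed it the output of `adb shell dumpsys package packages` and review every flagged package's installer chain.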