A new Trojan discovered in Android apps is capable of exploiting up to 5 security holes to gain 'root' rights to the device. It's scary when it's infected, malware can hijack Android phones.
The malware was given the name 'AbstractEmu' by its inventors at the security company Lookout. Often hidden within utility, security, and privacy apps found on the Amazon App Store, Samsung Galaxy Store, Aptoide, APK Pure, and several other app stores.
"This is a significant find as widely distributed malware with root capabilities has become rare over the last five years," wrote Lookout's Kristina Balaam and Paul Shunk.
Lookout researchers found 19 apps that contained malicious code and 7 of them had the ability to automatically root Android devices. The seven applications in question are:
All Passwords, com.mobilesoft.security.password
Anti-ads Browser, com.zooitlab.antiadsbrowser
Data Saver, com.smarttool.backup.smscontacts
Lite Launcher, com.st.launcher.lite
My Phone, com.dentonix.myphone
Night Light, com.nightlight.app
Phone Plus, com.phoneplusapp
It's worth noting that Lite Launcher was downloaded 10,000 times on the Play Store before it was removed after Google received a notification from Lookout. It's worrying that the structure of the malware is very sophisticated and it's nearly impossible for the average user to see anything suspicious.
Once someone installs one of the infected apps it will trigger the infection process in three stages, the last one installing spyware disguised as "Settings Storage" which gains access to contacts, call lists, SMS messages, location, camera and microphone.
Because it has root privileges, malware can reset device passwords, lock the device completely (or even disable it), install more apps, view notifications, record user screen activity, take pictures, and even disable the Google Play Protect protection mechanism.
Although the purpose of this malicious coder is unknown, because the host server is always offline before Lookout researchers find it. But the malware's capabilities go far beyond what is needed to steal passwords, credit card numbers, send fraudulent messages, or sensitive information from victims' phones.
So how to protect yourself from this new Android malware? If you are using any of the apps listed above it should be removed from your device immediately.
Apart from that, keep your Android phone up to date. Because all the vulnerabilities used by this malware were patched in the March 2020 official Android security update. If your Android phone hasn't received the security update since then, it might be time to look for a new phone.