Careful! This Russian Malware Can Track User Position

 


A never-before-seen Android malware can track a user's location, record audio, and read SMS messages. The malware has been linked to a Russian hacker group called Turla.

Turla is a hacker syndicate backed by the Russian government. The group is known for using custom malware to carry out espionage, and it was previously linked to the Sunburst backdoor used in the 2020 cyberattack against SolarWinds.



Researchers from cybersecurity firm Lab52 found this malware lurking inside an Android app called 'Process Manager'. It is designed to look like most APKs, but once installed it collects sensitive data and sends it to the hackers.




The malware-infected application also asks for 18 access permissions, including access to messages, location, camera, voice recorder, SMS, contacts, internet, network, external memory, and others, as quoted from Android Police, Monday (4/4/2022).


Once it gets what it wants, the malware removes its icon from the phone but keeps operating silently in the background. That way, users won't be aware that their phone has been tapped and will have a hard time removing the malicious app that has infected it.



Surprisingly, even though it hides its icon, the application displays a permanent notification indicating its presence, whereas spyware like this usually hides its activities from the victim.


Besides fetching sensitive information, this malware also downloads several malicious payloads, including a money-earning app called 'Roz Dhan: Earn Wallet cash'. The app looks legit, and has been downloaded more than 10 million times on the Google Play Store.



To avoid malware attacks like this, Android users are advised to review the access permissions granted to apps, and to revoke access permissions for apps that look suspicious.


In addition, Android 12 also has a privacy feature that can display an indicator when the microphone and camera are used. So if this indicator appears for no reason, there's a good chance that spyware is hiding on your device.
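The permission review advised above can be done in bulk from a computer. The Python sketch below is an added example, not code from Lab52 or from the original article: it parses package dump text and lists apps that hold several of the sensitive capabilities the article names. The package names, the sample text, the permission-to-capability mapping and the threshold are all assumptions made for illustration.

```python
import re

# Android permission names for capabilities the article lists (assumed mapping)
SENSITIVE = {
    "READ_SMS": "sms", "RECEIVE_SMS": "sms",
    "ACCESS_FINE_LOCATION": "location", "ACCESS_COARSE_LOCATION": "location",
    "CAMERA": "camera", "RECORD_AUDIO": "microphone",
    "READ_CONTACTS": "contacts",
    "READ_EXTERNAL_STORAGE": "storage", "WRITE_EXTERNAL_STORAGE": "storage",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*android\.permission\.([A-Z_]+): granted=(true|false)")

def granted_capabilities(dumpsys_text):
    """Map package name -> set of sensitive capabilities currently granted."""
    caps, pkg = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)
            caps.setdefault(pkg, set())
            continue
        m = GRANT_RE.match(line)
        if m and pkg and m.group(2) == "true" and m.group(1) in SENSITIVE:
            caps[pkg].add(SENSITIVE[m.group(1)])
    return caps

def review_list(dumpsys_text, threshold=4):
    """Packages holding >= threshold distinct capabilities, widest first."""
    hits = [(p, sorted(c)) for p, c in granted_capabilities(dumpsys_text).items()
            if len(c) >= threshold]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

# Constructed sample, simplified from the layout of `adb shell dumpsys package`
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET]
Package [com.example.procmgr] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
"""

if __name__ == "__main__":
    for pkg, caps in review_list(SAMPLE):
        print(f"{pkg}: {', '.join(caps)}")
```

On a real device, pass in the output of `adb shell dumpsys package`; a permission on a flagged app can then be revoked in the phone's settings or with `adb shell pm revoke <package> <permission>`.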
