4. 4. 2022

Russian malware that targets users has appeared in the airwaves Androidu. Specifically, it is spyware that is capable of reading text messages or eavesdropping on calls and recording conversations using a microphone.

The war in Ukraine has caused an increase in cyber attacks around the world. Many hackers, including those from Russia and China, are taking advantage of this situation to spread malware and steal user data. Against this background, experts from S2 Grupo Lab52's cybersecurity laboratory have now discovered a new malware targeting devices with Androidem. It originates from Russia and spreads through the Internet through seemingly harmless APK files.

Enter the gallery

The malicious code hides in an application called Process Manager. Once an unsuspecting victim installs it, the malware takes over their data. Before that, however, it will ask for a set of permissions to access your device's location, GPS data, various nearby networks, Wi-Fi information, text messages, calls, sound settings, or your contact list. Then, without the user's knowledge, it activates the microphone or starts taking pictures from the front and rear cameras.

All data from the compromised smartphone is received by a remote server in Russia. To prevent the user from deciding to delete the app, the malware makes its icon disappear from the home screen. This is what many other spyware programs do to make them forget about it. At the same time, the malware installs an app called Roz Dhan: Earn Wallet cash, which looks legitimate, from the Google Play Store without the user's permission. However, in reality, it is used by hackers to make a quick buck. So if you have installed Process Manager, delete it immediately. As always, we recommend downloading apps only from the official Google store.

Topics: wallet, hacker, crab, microphone, GPS, contacts, program, Wi-Fi, Google Play, Settings

Discussion of the article

host

4. 4. 2022 19:10

Aha.
So it works exactly like google, only the target server that receives my data is in Russia. That's a bummer though, my data in friendly USA is perfectly fine, but not in Russia. So you have to be careful about that malware.

Adam Kos

5. 4. 2022 5:31

So his behavior is not quite standard after all.

Insert your own comment Cancel reply

Your name or Log in

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

Today's most read

Most read

Beware of this Russian malware. He can track you

Gallery

You could be interested in

How to defend against hacking: 7 tips for users Androidu

Discussion of the article

Insert your own comment Cancel reply

Related

Today's most read

Most read