Malware found that extracts information such as location data and SMS messages and sends it to Russia



A new Android APK has been discovered that steals various information, such as location data and SMS messages, and sends it to Russia while posing as harmless software.

Newly found Android malware records audio, tracks your location

https://www.bleepingcomputer.com/news/security/newly-found-android-malware-records-audio-tracks-your-location/

Lab52, the threat intelligence division of Spanish cybersecurity company S2 Grupo, reported on the new Android APK, which behaves as spyware. How the APK is distributed is unknown, but once installed it runs as a program that looks like a system service called 'Process Manager' and continuously sends location data and other information to servers in Russia.

When the app containing the APK is installed and launched for the first time, it requests 18 permissions, including access to location data, the camera, Wi-Fi information, the internet, call history, and contacts, permission to read and send SMS messages, and permission to read and write external storage. If the user grants these requests, the app removes its icon from the app drawer to make it harder to discover and keeps running in the background under the guise of a system service, as shown in the image below.
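As an added example (not from Lab52 or the original article), the following Python triage script parses a decoded AndroidManifest.xml, such as one produced by apktool, and flags the combination of data-source permissions plus network access that the article describes. The capability grouping and the manifest fragments are constructed for illustration and are not taken from the real sample.

```python
import xml.etree.ElementTree as ET

# Manifest attributes are namespaced; this is the key for android:name.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
# Capability groups for triage. The grouping is this example's own heuristic,
# modelled on the permission set the article lists.
SPYWARE_GROUPS = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "camera": {"android.permission.CAMERA"},
    "wifi": {"android.permission.ACCESS_WIFI_STATE"},
    "network": {"android.permission.INTERNET"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms_read": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "sms_send": {"android.permission.SEND_SMS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml: str) -> set:
    """Collect every <uses-permission android:name="..."> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NAME) for el in root.iter("uses-permission")
            if el.get(ANDROID_NAME)}

def triage(manifest_xml: str) -> dict:
    """Flag the data-source plus network combination typical of spyware."""
    perms = requested_permissions(manifest_xml)
    groups = {g for g, names in SPYWARE_GROUPS.items() if perms & names}
    sources = groups - {"network"}
    return {
        "permission_count": len(perms),
        "groups": sorted(groups),
        # Reading and sending SMS together is the interception pattern.
        "sms_interception": {"sms_read", "sms_send"} <= groups,
        # Exfiltration needs a network path plus several data sources.
        "spyware_like": "network" in groups and len(sources) >= 3,
    }

# Constructed manifest fragments for demonstration; not the real sample.
SPY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```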



It then sends the personal information collected in the background, such as location data and SMS messages, to a server located in Irkutsk Oblast, Russia, with the IP address 82.146.35.240.



In addition, there was a case where the spyware downloaded the application 'Roz Dhan', which pays users for completing tasks such as inviting friends, reading articles, and trying horoscopes, from the Play Store.



Forcibly downloading this application is thought to be a way of earning referral fees based on the number of installs. Since state-sponsored hacker groups devote themselves to intelligence gathering rather than such immediate income, Lab52 regards this as the work of a private criminal hacker group rather than a state actor.

in Security, Posted by darkhorse_log