Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

Wed, 06 Apr 2022 9:19:00 Dan

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices.

Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.
"When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said. "These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras."

Read more a https://thehackernews.com/2022/04/researchers-uncover-new-android-spyware.html

About the author

Dan

Dan

 

I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable). So that everyone can see what happens behind the scenes while we use our electronic devices every day.