[TheRecord] Android smartphones infected with rare rooting malware

Security researchers at Lookout have discovered a new Android malware strain that contains the ability to root smartphones, a feature that has become quite rare in Android malware strains in recent years.

Named AbstractEmu, the malware and its distribution campaign have been detailed in a report published today, summarized below:

The AbstractEmu malware was distributed hidden inside 19 Android applications that were uploaded on Google Play, the Amazon Appstore, the Samsung Galaxy Store, and other unofficial third-party app stores.

Only one of the 19 apps, called Lite Launcher, reached the Google Play Store, where it was downloaded by only 10,000 users.

Once on a device, the AbstractEmu malware would download and execute one of five exploits for older Android security flaws that would allow it to root and take over the device.

The rooting package contained exploits for the following five vulnerabilities: CVE-2020-0041, CVE-2020-0069, CVE-2019-2215, CVE-2015-3636, and CVE-2015-1805.

Image: Lookout

Once the AbstractEmu malware gained elevated privileges following the rooting exploit, it would give itself access to dangerous permissions, and then access additional malware components on the devices.

After a device is infected, the following data is collected and sent to a remote server.

Image: Lookout

Lookout said it was unable to determine what malicious operations this malware would carry out but said that, based on the permissions the malware assigned itself, there were similarities with banking trojans and spyware-focused threats such as Anatsa, Vultur, and Mandrake.

The company described the malware’s creators as a “well-resourced group with financial motivation.”

Lookout said it named the malware AbstractEmu because of its use of code abstraction and anti-emulation checks to avoid running while under analysis and in sandboxes.

The names of some of the apps and their installation packages, discovered to contain the AbstractEmu malware, are below:

| Title | Package name |
| --- | --- |
| All Passwords | com.mobilesoft.security.password |
| Anti-ads Browser | com.zooitlab.antiadsbrowser |
| Data Saver | com.smarttool.backup.smscontacts |
| Lite Launcher | com.st.launcher.lite |
| My Phone | com.dentonix.myphone |
| Night Light | com.nightlight.app |
| Phone Plus | com.phoneplusapp |
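The package names above can be checked against a device's installed-package listing. The following is an added example, not code from The Record or Lookout: it parses `adb shell pm list packages` output in its plain, `-f` and `-U` forms and reports exact matches; the sample output is constructed, and because the article lists only some of the 19 apps, an empty result does not clear a device.

```python
"""Added example: sweep `pm list packages` output for the listed apps."""

# Package names and titles from the article's table (a partial list).
LISTED_APPS = {
    "com.mobilesoft.security.password": "All Passwords",
    "com.zooitlab.antiadsbrowser": "Anti-ads Browser",
    "com.smarttool.backup.smscontacts": "Data Saver",
    "com.st.launcher.lite": "Lite Launcher",
    "com.dentonix.myphone": "My Phone",
    "com.nightlight.app": "Night Light",
    "com.phoneplusapp": "Phone Plus",
}

# Constructed sample output mixing the plain, -f and -U line formats.
SAMPLE_PM_OUTPUT = """\
package:com.android.settings
package:/data/app/~~Qx1vZg==/com.st.launcher.lite-8hT2kA==/base.apk=com.st.launcher.lite
package:com.phoneplusapp uid:10187
package:com.nightlight.app.pro
WARNING: unrelated shell noise
"""


def parse_pm_line(line):
    """Return the package name from one `pm list packages` line, or None."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Drop trailing fields such as " uid:10187" (-U) or " versionCode:7".
    body = line[len("package:"):].split(" ", 1)[0]
    # With -f the form is <apk path>=<package>. Install paths on newer
    # Android versions can contain '=' themselves, so split on the last one.
    if "=" in body:
        body = body.rsplit("=", 1)[1]
    return body or None


def find_listed_apps(pm_output):
    """Return sorted (package, title) pairs for exact matches only."""
    found = {}
    for line in pm_output.splitlines():
        pkg = parse_pm_line(line)
        if pkg in LISTED_APPS:  # exact match: "com.nightlight.app.pro" is not flagged
            found[pkg] = LISTED_APPS[pkg]
    return sorted(found.items())


if __name__ == "__main__":
    for pkg, title in find_listed_apps(SAMPLE_PM_OUTPUT):
        print(f"listed app installed: {title} ({pkg})")
```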

The post Android smartphones infected with rare rooting malware appeared first on The Record by Recorded Future.
