Lookout Threat Lab researchers have identified malware that infects Android devices and is able to gain full root access to the phone by modifying system settings. It was present in 19 apps already removed from the Google Play Store, according to a statement released on Thursday (28).
Called AbstractEmu, the malicious program hidden in applications would root the infected phone to take control of it. From there, it could capture images, record the screen, monitor notifications, change the device’s password and even lock it completely.
By acting silently, the malware also had ways of evading detection by antivirus and other security tools. According to the company, it was activated as soon as the user opened the infected app and then started to act, exploiting old vulnerabilities in Google’s operating system.
Once installed on the cell phone, AbstractEmu started collecting information and sending it to a remote server. Experts were unable to discover the attackers’ ultimate goal as server access was disabled at the time of malware discovery.
Apps may be available in other stores
In addition to the Play Store, AbstractEmu-infected apps were also distributed by third-party stores such as Samsung Galaxy Store, Amazon Appstore, and Aptoide. So far, only the official Android store has removed them, according to BleepingComputer, which means they may still be available on other platforms.
One of the malicious apps is Lite Launcher, which accumulated over 10,000 downloads before being deleted from the Google store. The list also includes password managers, file managers and other types of utilities, such as Data Saver, My Phone, All Passwords, Night Light, Anti-ads Browser and Phone Plus apps.
To reduce the risks, those responsible for the discovery recommend downloading apps only from official stores and keeping the operating system up to date, in addition to using security programs.