"AbstractEmu" Android Malware Seizes Full Control of Your Phone — What to Do


Newly discovered Android malware takes advantage of five different known security flaws to gain "root" privileges on smartphones, giving it far more control over the system than ordinary apps have.

The malware, named AbstractEmu by its discoverers at information security firm Lookout, has been found in the Amazon App Store, the Samsung Galaxy Store, Aptoide, APKPure, and other third-party Android app stores. It is hidden in utility, security, and privacy apps distributed through those markets.

One of the apps, called Lite Launcher, was downloaded more than 10,000 times from the official Google Play Store before Google removed it after being notified by Lookout. Despite containing malware, these Trojanized apps are well designed and work as advertised, so you probably would not notice anything wrong with them. Yesterday (October 28), Kristina Balaam and Paul Shunk of Lookout wrote in a blog post: "This is an important finding because over the past five years, it has become rare for malware with root functionality to be widely distributed."

Installing one of these poisoned apps sets off a three-step infection process that ends with spyware posing as a storage manager called "Setting Storage," which "gives access to contacts, call history, SMS messages, location, camera, and microphone."

Because the spyware has root privileges, it can reset device passwords, lock you out of your own device, draw on top of other windows, install more apps, capture screenshots, display notifications, record screen activity, disable Google Play Protect, and more.

The ultimate purpose of this malware campaign is unknown, as the command-and-control server was taken offline before Lookout's researchers could capture the final payload.

However, the malware's capabilities go far beyond what is needed to steal sensitive information such as passwords and credit card numbers from Android phones, or to sign Android users up for premium SMS scams, as most Android malware does these days.

Of the 19 known apps distributed in this malware campaign, seven have rooting capabilities. They are:

If any of your apps match these names, we recommend checking whether they are indeed the same apps. Many apps share a name, but the package name (the text string beginning with "com" above) is unique.

Using a desktop browser, go to the app store where you got the app and search for it. If the app is no longer in the app store, remove it from the device.

If the app you downloaded is still listed, see whether the icon on the listing page matches the one on your phone. If so, check the URL, or web address, of the listing page; somewhere in the URL should be an Android package name. If it matches the package name above, remove the app.

This last step does not work with the Amazon App Store, which does not seem to list the Android package name of an app anywhere. Use your own judgment.
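The package-name comparison described above can be scripted. The following is an added example, not code from the article or from Lookout: it pulls the package name out of a store listing URL and matches the phone's third-party package list (the output of `adb shell pm list packages -3`) against a suspect list. The package names and URLs in it are constructed placeholders, not the actual AbstractEmu identifiers.

```python
import re
from typing import Optional, Set
from urllib.parse import parse_qs, urlparse

# An Android package name is dot-separated Java-style identifiers, e.g. com.example.app
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


def package_name_from_url(url: str) -> Optional[str]:
    """Return the Android package name embedded in a store listing URL, or None.

    Google Play carries it in the ``id`` query parameter; some third-party stores
    put it in the path, so query values are scanned first, then path segments.
    A store that omits it (the article notes Amazon does) yields None.
    """
    parts = urlparse(url)
    candidates = [v for values in parse_qs(parts.query).values() for v in values]
    candidates += parts.path.split("/")
    for token in candidates:
        if PACKAGE_RE.match(token):
            return token
    return None


def installed_packages(pm_output: str) -> Set[str]:
    """Parse ``adb shell pm list packages -3`` output (one ``package:<name>`` per line)."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names


def find_suspect_packages(pm_output: str, suspects: Set[str]) -> Set[str]:
    """Return the installed third-party packages that appear on the suspect list."""
    return installed_packages(pm_output) & suspects


# Constructed sample data (placeholders, not the real campaign's package names).
SAMPLE_PM_OUTPUT = """package:com.example.notes
package:com.example.litelauncher
package:org.example.phonecleaner
"""
SUSPECT_PACKAGES = {"com.example.litelauncher", "com.example.anticleaner"}

if __name__ == "__main__":
    url = "https://play.google.com/store/apps/details?id=com.example.litelauncher"
    print(package_name_from_url(url))
    print(find_suspect_packages(SAMPLE_PM_OUTPUT, SUSPECT_PACKAGES))
```

Replace `SUSPECT_PACKAGES` with the package names from the list above and feed in the real `pm list packages -3` output; any name the script returns is an app to remove.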

You should also keep your Android phone as up to date as possible. The flaws used by this malware were all fixed as of the official Android security update of March 2020. If your Android phone has not received a security update since then, it may be time to consider buying a new phone.

As always, to stay one step ahead of the scammers, install one of the best Android antivirus apps and avoid installing apps from third-party app stores.
