The Cyber Security News
Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

April 4, 2022


An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored on infected devices.

Interestingly, the app, which carries the package name “com.remote.app”, establishes contact with a remote command-and-control (C2) server, 82.146.35[.]240, which has previously been identified as infrastructure belonging to the Russia-based hacking group known as Turla.


“When the application is run, a warning appears about the permissions granted to the application,” Lab52 researchers said. “These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras.”

Once the app is “activated,” the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its broad permissions to access the device’s contacts and call logs, track its location, send and read messages, access external storage, snap pictures, and record audio.


The collected data is captured in JSON format and subsequently transmitted to the aforementioned remote server. Despite the overlap in the C2 server used, Lab52 said it does not have enough evidence to attribute the malware to the Turla group.
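As an added defender-side example (not code from the article or from Lab52), the following Python script parses an APK's res/xml/device_admin.xml and flags an app whose requested device-admin policies match the profile quoted above. The mapping from the article's wording to the standard <uses-policies> tag names, the constructed sample policy file and the threshold of four overlapping policies are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Device-admin policies the article says the spyware requests. Tag names are the
# standard <uses-policies> children of res/xml/device_admin.xml; mapping the
# article's wording onto these tags is an assumption made for this example.
SPYWARE_POLICY_SET = {
    "watch-login",        # "screen unlock attempts"
    "force-lock",         # "lock the screen"
    "set-global-proxy",   # "set the device global proxy"
    "expire-password",    # "set screen lock password expiration"
    "encrypted-storage",  # "set storage encryption"
    "disable-camera",     # "disable cameras"
}


def requested_policies(device_admin_xml: str) -> set[str]:
    """Return the set of <uses-policies> child tags declared in a device_admin.xml."""
    root = ET.fromstring(device_admin_xml)
    policies = root.find("uses-policies")
    if policies is None:
        return set()
    return {child.tag for child in policies}


def triage(device_admin_xml: str, threshold: int = 4) -> dict:
    """Compare an app's device-admin request against the article's profile.
    An overlap of `threshold` or more policies is reported as suspicious."""
    found = requested_policies(device_admin_xml)
    overlap = found & SPYWARE_POLICY_SET
    verdict = "suspicious" if len(overlap) >= threshold else "review"
    return {"requested": sorted(found), "overlap": sorted(overlap), "verdict": verdict}


# Constructed sample device_admin.xml mirroring the capabilities the article lists.
SAMPLE_DEVICE_ADMIN = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <watch-login />
    <force-lock />
    <set-global-proxy />
    <expire-password />
    <encrypted-storage />
    <disable-camera />
  </uses-policies>
</device-admin>"""

if __name__ == "__main__":
    print(triage(SAMPLE_DEVICE_ADMIN))
```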


Also unknown at this stage is the exact initial access vector used to distribute the spyware and the intended targets of the campaign.

That said, the rogue Android app also attempts to download a legitimate application called Roz Dhan (meaning “Daily Wealth” in Hindi) that has over 10 million installations and lets users earn cash rewards for completing surveys and questionnaires.

“The application, [which] is on Google Play and is used to earn money, has a referral system that is abused by the malware,” the researchers said. “The attacker installs it on the device and can make a profit.”



Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.