The Cyber Security News

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

April 4, 2022

An Android spyware application has been spotted masquerading as a “Method Supervisor” service to stealthily siphon sensitive information stored on the infected devices.

Interestingly, the app, which has the package name “com.remote.application”, establishes contact with a remote command-and-control server, 82.146.35[.]240, which has previously been identified as infrastructure belonging to the Russia-based hacking group known as Turla.

“When the application is run, a warning appears about the permissions granted to the application,” Lab52 researchers said. “These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras.”

Once the app is “activated,” the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device’s contacts and call logs, track its location, send and read messages, access external storage, snap pictures, and record audio.
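A defender-side triage of the permission profile described above, as an added example that is not from Lab52 or the original article: it checks a decoded AndroidManifest.xml and device-admin policy file for the six quoted policies and the collection permissions. The function names, the sample package `com.example.sample`, the mapping of the listed behaviours to specific Android permission names and the review threshold are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Android device-admin policy tags for the six policies quoted in the article.
ADMIN_POLICIES = {
    "watch-login": "monitor screen unlock attempts",
    "force-lock": "lock the screen",
    "set-global-proxy": "set the device global proxy",
    "expire-password": "set screen lock password expiration",
    "encrypted-storage": "set storage encryption",
    "disable-camera": "disable cameras",
}
# Assumed mapping of the described collection behaviour to manifest permissions.
COLLECTION_PERMS = {
    "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION", "SEND_SMS",
    "READ_SMS", "READ_EXTERNAL_STORAGE", "CAMERA", "RECORD_AUDIO",
}

def triage(manifest_xml, admin_xml):
    """Report which article-listed policies and permissions an app declares."""
    manifest = ET.fromstring(manifest_xml)
    requested = set()
    for el in manifest.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        requested.add(name.rsplit(".", 1)[-1])  # strip "android.permission."
    policies_el = ET.fromstring(admin_xml).find("uses-policies")
    declared = {p.tag for p in policies_el} if policies_el is not None else set()
    policies = sorted(declared & set(ADMIN_POLICIES))
    perms = sorted(requested & COLLECTION_PERMS)
    return {
        "package": manifest.get("package"),
        "admin_policies": policies,
        "collection_permissions": perms,
        # Assumed threshold: every quoted policy plus half of the permissions.
        "review": len(policies) == len(ADMIN_POLICIES) and len(perms) >= 4,
    }

# Constructed sample inputs (not taken from the real sample).
def build_manifest(package, perms):
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

SAMPLE_ADMIN = ("<device-admin><uses-policies>"
                + "".join(f"<{tag}/>" for tag in ADMIN_POLICIES)
                + "</uses-policies></device-admin>")
SAMPLE_MANIFEST = build_manifest("com.example.sample", sorted(COLLECTION_PERMS))
BENIGN_MANIFEST = build_manifest("com.example.torch", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_ADMIN))
```

The inputs are the text XML files produced by decoding an APK (for example with apktool), not the binary XML inside the package.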


The collected data is captured in a JSON format and subsequently transmitted to the aforementioned remote server. Despite the overlap in the C2 server used, Lab52 said it doesn’t have enough evidence to attribute the malware to the Turla group.


Also unknown at this stage is the exact initial access vector used for distributing the spyware and the intended targets of the campaign.

That said, the rogue Android app also attempts to download a legitimate application called Roz Dhan (meaning “Daily Wealth” in Hindi) that has around 10 million installations and allows users to earn cash rewards for completing surveys and questionnaires.

“The application, [which] is on Google Play and is used to earn money, has a referral system that is abused by the malware,” the researchers said. “The attacker installs it on the device and makes a profit.”

Some parts of this article are sourced from:
thehackernews.com
