The International Business Times (IBTimes) reported that security experts at Lookout have discovered highly dangerous malware that can root a device to gain control and modify system settings.
This malware is called “AbstractEmu” for its use of code abstraction and anti-emulation checks, which make analysis difficult. Disguised as utility applications, AbstractEmu can exploit up to 5 security vulnerabilities to “root” the device, gaining full control and modifying system settings.
“This is an important finding because widespread malware with the ability to root the device has appeared much less in the last 5 years,” researchers from security firm Lookout shared.
“Although few in number, root-capable malicious programs are very dangerous. By rooting the device to access the Android operating system, hackers can silently grant themselves privileges or install additional malicious code, although this method often requires user interaction. Advanced permissions also allow malicious code to access sensitive data from other applications, something that is not possible under normal circumstances,” added the security researchers.
The privileges that the malware grants itself allow it to receive any two-factor authentication code sent by SMS, or to run in the background and launch phishing attacks. In addition, the attackers can take control of the device remotely, for example by capturing content on the screen, accessing accessibility services, or extracting sensitive data from other applications on the device, including banking apps, and sending it to a remote server.
The attack campaign is carried out regardless of device type and aims to infect as many devices as possible. So far, users in at least 17 countries have been affected by this new malware.
According to a report by Lookout, the AbstractEmu malware was found to “lurk” in 19 seemingly innocuous applications such as password managers, application launchers, data savers, ad blockers, and some other applications. Of these, 7 applications are capable of rooting Android devices, including: Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light, All passwords and Phone Plus.
These apps have been distributed through third-party stores like Amazon Appstore and Samsung Galaxy Store, as well as other less popular stores like Aptoide and APKPure. In the case of Lite Launcher, the app was distributed through the Google Play Store and had more than 10,000 downloads before being removed.
In addition to being uploaded to various app stores, these apps are also distributed via advertising on social media and Android-related forums. If your phone has any of the above apps installed, remove them immediately and preferably reinstall the device's operating system.