A well-resourced, financially motivated gang has been identified as the operator of a widespread rooting malware campaign, with telemetry data showing that Android device owners in the United States were the most affected. The campaign's ultimate goal is still unknown.
The unnamed threat actors are behind a new strain of Android malware that can root smartphones and take total control of affected devices while attempting to avoid detection. The new threat has been dubbed "AbstractEmu" because of its use of code abstraction and anti-emulation checks.
The attackers use exploits for older Android security holes to gain root access and take control of the device.
Once they have compromised the device, they can harvest sensitive data and send it to a server under their control.
Research reveals that a total of 19 rogue Android applications, disguised as system tools and utility apps such as money and password managers, data-saving apps and launchers, have been used in the malware campaign. Seven of them were found to have rooting capabilities. However, Lite Launcher was the only one of the malicious applications to make it into the Google Play Store (with a total of 10 000 downloads) before it was removed.
It’s important to note that the worldwide malware campaign is designed to target and infect as many Android devices as possible. It is believed that the programs have been widely disseminated via third-party markets such as Amazon Appstore and Samsung Galaxy Store, as well as other less-known markets like Aptoide and APKPure.
According to security professionals, rooting malware can be very harmful: by rooting Android and gaining privileged access to the operating system without the user's knowledge, threat actors can silently grant themselves dangerous permissions or install additional malware. As a result, the elevated privileges can give them access to sensitive data belonging to other apps.
Mobile devices are common targets for cybercriminals because they run many applications and features and hold a large amount of sensitive data that could be exploited, according to researchers. Rooting Android or jailbreaking iOS devices are among the most invasive methods attackers use to fully compromise mobile devices, the professionals conclude.