BEWARE! AbstractEmu Trojan sneaks into Google Play and can root your Android device



Unknown attackers have published several Trojanized apps in Amazon’s Appstore, Google Play and Samsung’s Galaxy Store. Security researchers at the Lookout Threat Lab discovered the new rooting malware in apps on Google Play, the Amazon Appstore and the Samsung Galaxy Store.

Large app stores such as Google Play use various security measures to keep out apps with malicious code. But evidently that doesn’t always work reliably. Lookout security researchers have come across dangerous Trojan apps in official app stores that can root Android devices. If the rooting succeeds, attackers usually have full control over the device.

AbstractEmu Trojan

Why is the trojan malware named “AbstractEmu”?

The trojan malware was named “AbstractEmu” because it uses code abstraction and anti-emulation checks to avoid running while under analysis.

Lookout Threat Lab discovered 19 related applications, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads. To protect Android users, Google promptly removed the app as soon as the discovery was made and communicated.


The malware can take full control of your device!

Root users have access to all elements of the Android operating system. With root access, apps with malicious intent can change any setting and grant themselves permissions. The AbstractEmu Trojan is then said to have access to the microphone and the camera and to be able to take screenshots.

What is Rooting?

Rooting is the process of gaining “root access” or privileged control over devices, most commonly Android smartphones and tablets. It enables a normal user to have administrator-level permissions to the operating system environment. In the case of Android devices, it helps in circumventing the security architecture, but if not done correctly, could potentially cause problems.

▶ Attackers could use rooting to gain access to passwords. In addition, the malware is said to be able to intercept SMS messages containing two-factor authentication (2FA) codes. Equipped with these, attackers could, for example, gain access to accounts that are secured with 2FA.

▶ What exactly the criminals want to achieve with the Trojan apps is currently unclear. The security researchers assume that it is primarily about money. The campaign will be active in 17 countries around the world.

TIP: Avoid dubious apps for more security

Only install apps from trusted sources. This not only means the app store itself, but also the software manufacturer. 

▶ Here you should rely on well-known, reputable manufacturers. If a manufacturer name sounds unfamiliar to you, go for apps with a high number of downloads and good ratings. 

▶ You should not only look at comments in the app store itself, but also use a search engine to browse online forums or advice articles to get an idea of the app’s reputation. Information about dubious apps usually spreads quickly on the web.

▶ If in doubt, do not install the app.

Tim Gumbert

