Unknown attackers have published several Trojanized apps in Amazon’s Appstore, Google Play and Samsung’s Galaxy Store. Security researchers at the Lookout Threat Lab discovered a new rooting malware that affects apps on Google Play, Amazon Appstore and the Samsung Galaxy Store.
Large app stores such as Google Play use various security measures to keep out apps with malicious code. But obviously that doesn’t always work reliably. Lookout security researchers have come across dangerous Trojan apps in official app stores that can root Android devices. If rooting succeeds, attackers usually have full control over the device.
Why is the trojan malware named “AbstractEmu”?
The trojan malware was named “AbstractEmu” because it uses code abstraction and anti-emulation checks to avoid running while under analysis.
Lookout Threat Lab discovered 19 related applications, seven of which contain rooting functionality, including one on Google Play that had more than 10,000 downloads. To protect Android users, Google promptly removed the app once the discovery was communicated.
The malware can take full control of your device!
Root users have access to all elements of the Android operating system. With root access, malicious apps can change any setting and grant themselves permissions. The AbstractEmu Trojan is then said to have access to the microphone and the camera and to be able to take screenshots.
What is Rooting?
Rooting is the process of gaining “root access” or privileged control over devices, most commonly Android smartphones and tablets. It enables a normal user to have administrator-level permissions to the operating system environment. In the case of Android devices, it helps in circumventing the security architecture, but if not done correctly, could potentially cause problems.
▶ Attackers could use rooting to gain access to passwords. In addition, the malware is said to be able to intercept SMS messages with codes from two-factor authentication (2FA). With those codes, attackers could, for example, gain access to accounts that are actually secured with 2FA.
▶ What exactly the criminals want to achieve with the Trojan apps is currently unclear. The security researchers assume that it is primarily about money. The campaign is said to be active in 17 countries around the world.
TIP: Avoid dubious apps for more security
Only install apps from trusted sources. This means not only the app store itself, but also the software manufacturer.
▶ Here you should rely on well-known, reputable manufacturers. If a manufacturer name sounds unfamiliar to you, go for apps with a high number of downloads and good ratings.
▶ You should not only look at comments in the app store itself, but also use a search engine to browse online forums or advice articles to get an idea of the app’s reputation. Information about dubious apps usually spreads quickly on the web.
▶ If in doubt, do not install the app.