'AbstractEmu' Rooting Malware found its way to different Android app stores


Another piece of Android malware has been detected that takes control of victims' smartphones. Worse, it has become so widespread that it has found its way into several Android app stores.

The newly discovered malware named ‘AbstractEmu’ uses five different known security flaws to gain “root” permission on smartphones. This gives the malware greater system abilities than you normally have on a regular phone.


New Android malware takes control over the victim’s smartphone

Google is doing everything in its power to keep malware and other viruses away from its apps and services, at least in the Play Store.

It has even tightened its rules and regulations to keep developers from making dangerous apps. Unfortunately, cybercriminals are a step ahead, and this newly discovered Android malware is proof enough.


Security researchers from Lookout Threat Labs named the malware AbstractEmu. It poses as functional apps such as utility, security and privacy apps.

Not only was it found in Google's Play Store, it has also found its way to the Amazon App Store, the Samsung Galaxy Store, Aptoide, APKPure, and other Android app stores.

The malware was found in a total of 19 apps. One of them, Lite Launcher, had already been downloaded more than 10,000 times from the Play Store. It was listed on Google's official store and was removed from the platform shortly after Lookout reported it.


How does this new Android malware called AbstractEmu work?

The newly discovered malware AbstractEmu gains root access to the Android device without you knowing and then silently changes the device's settings. Aside from that, the malware silently installs itself on the device.

In addition, the malware can perform tasks on your device such as resetting the device password, locking your phone, monitoring notifications, capturing screenshots, and recording your device's screen.

According to Lookout, malware with root capabilities is very rare but equally dangerous. Malware like this can grant itself whatever permissions it wants and do a lot of damage, all without the user knowing.

“This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years,” say Lookout's Kristina Balaam and Paul Shunk in a blog post.

With greater power comes great damage

What happens if you accidentally download an app that carries this malware? Installing one of these apps could lead to a three-stage infection process.

All these stages end with the installation of spyware disguised as a storage manager called “Setting Storage” that has “access to contacts, call logs, SMS messages, location, camera and microphone.”

Because of the malware's rooting capabilities, it can grant itself permission to reset the device's passwords, install more apps, capture and record the screen, view notifications, disable Google Play Protect, and more.

The malware’s ultimate goal is still not known because its command-and-control server went offline before the folks from Lookout were able to capture the final payload.

However, the malware's potential goes well beyond what is required to steal passwords, credit card numbers, and other sensitive information from an Android phone, as most malware does these days.

Nonetheless, for your safety, always keep your device up to date with the latest software. Also, be careful about what you download: if an app looks suspicious, don't install it.

Finally, stick to an official app store and don't download from any third-party platforms.
