New Android malware stealthily gains ROOT access: ‘AbstractEmu’ spreads through weaponized apps from third-party external App Stores

AbstractEmu malware Android Devices Smartphones ROOT
New Android malware on the loose. Pic credit: Blogtrepreneur/Flickr

A new malware targeting Android smartphones has once again raised concerns about downloading apps from third-party or external App Stores. The ‘AbstractEmu’ malware has capabilities to gain ROOT access on an Android device, and it is spreading through fake or weaponized utility apps and system tools.

An as-yet-unidentified threat actor is actively lacing multiple utility apps and system tools with the AbstractEmu malware. The Android malware strain has the ability to root smartphones and take complete control over infected smartphones.

Aggressive Android malware spreading through weaponized apps available through third-party App Stores for Android OS:

Android malware isn’t new. Threat actors have long been attempting to infect Android smartphones and devices running the operating system.

Google has Play Protect deployed exclusively for the Android Play Store, the central repository of apps for Android devices. Play Store is the primary and official App Store for Android.

Unlike iOS App Store, the Android OS ecosystem does allow alternative App Stores. Moreover, Apple Inc. does not yet allow iPhone and iPad users to sideload apps.

Google allows Android OS to accept, install, and run sideloaded apps. The newly discovered Android malware uses this very freedom to spread.

Lookout Threat Labs, a security company, claims it discovered a total of 19 Android applications loaded with the new malware, they have dubbed AbstractEmu.

These apps posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps. Out of the 19, seven possessed the rooting functionality.

Only one of the weaponized apps, called Lite Launcher, made its way to the official Google Play Store. It managed to garner a total of 10,000 downloads before Google’s automated threat detection systems purged the same from the Play Store.

The rest of the apps were available through third-party App Stores such as Amazon Appstore and the Samsung Galaxy Store.

AbstractEmu Android malware has multiple techniques to avoid detection during antivirus scans and analysis:

The malware reportedly earned its name owing to its use of code abstraction and anti-emulation checks to avoid running while under analysis. The cybersecurity company that discovered the malware claims, a “well-resourced group with financial motivation,” is behind the malware.

Telemetry data reveals Android device users in the U.S. are the primary target. There are no clear objectives or payloads, yet. Nonetheless, gaining ROOT access to a device grants Administrator or absolute control over the same.

Apps with ROOT permission can grant themselves multiple system-level rights. They can extract data, install apps, download payloads, communicate with the Command and Control servers, and much more.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x