Rare malware with superuser rights attacks Android devices - News Press

Security researchers at Lookout have discovered new Android malware that can gain superuser privileges on devices, a feature rarely seen in Android malware in recent years.

The malware, dubbed AbstractEmu, was distributed through 19 mobile apps from Google Play, Amazon Appstore, Samsung Galaxy Store, and unofficial stores. Only one of the 19 apps, Launcher, made it to Google Play, where it was downloaded only 10,000 times.

Once on the victim's device, AbstractEmu downloads and executes one of five exploits for old Android vulnerabilities that allow it to gain superuser privileges: CVE-2020-0041, CVE-2020-0069, CVE-2019-2215, CVE-2015-3636, and CVE-2015-1805.

By elevating its privileges with an exploit, AbstractEmu gains access to dangerous permissions and then to additional malicious components on the device.

After infecting the device, the malware collects and sends the following data to a remote server: information about the phone (manufacturer, model, version, serial number), IP address, Wi-Fi / Bluetooth and MAC addresses, application package name, permissions received by the application, SIM data (number, carrier, IMEI), time zone, account information, application process ID, application-supported command numbers, application installer package name, and superuser status.

According to the researchers, the developers of AbstractEmu are "a group with large resources and pursuing financial benefits."

As Lookout explains, the name AbstractEmu was chosen because the malware uses code abstraction and anti-emulation checks to avoid running in a sandbox and being analyzed by information security specialists.
