CybersecuritySecurity NewswireCybersecurity News

New 'AbstractEmu' Android malware seizes total control of your device, evades detection

malware freepik
November 1, 2021

Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu, with rooting capabilities distributed on Google Play and major third-party stores, including the Amazon Appstore and Samsung Galaxy Store.


Lookout researchers named the malware "AbstractEmu" after using code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads. Google promptly removed the app as soon as Lookout notified them of the malware to protect Android users. However, the other app stores are likely still distributing them.


While rare, rooting malware is very dangerous. Using the rooting process to gain privileged access to the Android operating system allows the threat actor to silently grant themselves dangerous permissions or install additional malware — steps that would typically require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances.


While there's not much known about who is behind AbstractEmu, Lookout thinks the actors are a well-resourced group with financial motivation. Their code-base and evasion techniques — such as the use of burner emails, names, phone numbers and pseudonyms — are pretty sophisticated. Lookout also found parallels between the malware and banking trojans, such as the untargeted distribution of their apps and the permissions they seek.


Researchers say one of the significant clues as to the threat actors behind AbstractEmu is based on the widespread, untargeted distribution of the apps. Of the 19 apps found related to the malware, most were disguised as utility apps such as password or money managers and system tools like file managers and app launchers. All of them appeared to be functional to the users. 


For the full story, please visit https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign.

KEYWORDS: cyber security information security malware risk management

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Events

View AllSubmit An EventView AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!