Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Android Security

Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices, Evaded Detection (bleepingcomputer.com) 34

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer.

Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads...

This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances...

AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.

"Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..."

Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.
This discussion has been archived. No new comments can be posted.

Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices, Evaded Detection

Comments Filter:
  • by Anonymous Coward on Sunday October 31, 2021 @01:12PM (#61944967)

    where is the list of the 17 apps infected with the malware and removed?
    Low quality "journalism" by ignoring basic info that should be provided

  • by Ostracus ( 1354233 ) on Sunday October 31, 2021 @01:12PM (#61944969) Journal

    AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.

    Sounds like a reason for making rooting harder.

    • by Anonymous Coward

      Sounds like a reason for making rooting harder.

      How about they make it so I can install LineageOS with ease, so that I can keep my device up-to-date?

    • by Aighearach ( 97333 ) on Sunday October 31, 2021 @01:51PM (#61945071)

      Right, right, my thinking is, I hope this leads to a new rooting tool!

      What sort of idiot installs random apps from an "app store" run by a company too big to individually assess them?

      • Re: (Score:3, Insightful)

        <quote><p>What sort of idiot installs random apps from an "app store" run by a company too big to individually assess them?</p></quote>

        Far too many people. In fact, they will even go out of their way to override protections & install malware, as demonstrated by the recent DHL SMS debacle.
      • The public might assume "Diznee" sells merch sewn together by 8 year old girls in a fire trap factory.

        However, people regularly buy Disney merch which is sewn together by those 8 year old girls and assume that this is not the case.

        People trust big names and assume that what they are getting is quality merch without anything shady behind it.

        So yes, people download from Google Play with the assumption Happy Sparkly Face Selfies won't secretly drain their bank accounts.

    • Rooting is supposed to be harder already. An app is not supposed to be able to root your device.

    • "Sounds like a reason for making rooting harder"

      And of course, the legit device owners get thrown behind the same bars that the malware writers do.

        If people were allowed to modify and have full root access to the stuff they paid for..but currently it's fuck the customer.

  • by oldgraybeard ( 2939809 ) on Sunday October 31, 2021 @01:48PM (#61945059)
    App Stores. The individuals downloading these apps think they are getting them from a reputable source. If fact, the individuals downloading the apps don't have the means to know if an app is good or bad they just trust the Big Tech companies to protect them. Seems to me Big Tech is showing their true colors. Harming users, Oh well! were making a bundle off them so we just need to look like we care.
    • by Anonymous Coward

      The app was reported and it was pulled immediately. Not sure what you're going on about.

      • Exactly, they take the path of least resistance and effort(cost) required. For Big Tech, harm is just the collateral damage of their revenue stream. They can't be trusted! So very very few apps should be downloaded and used. Only when it is absolutely required. The idea is to lessen the danger.
        • by gtall ( 79522 )

          Ya, yer right. If one app cannot be trusted, then the entire company (who didn't write app) cannot be trusted because one slipped by and they weren't 100% infallible. So Mr. Pope, care to explain any of your screwups?

  • by Urinal Pube ( 4508429 ) on Sunday October 31, 2021 @03:03PM (#61945267)
    Is it weird that my take away is that maybe there's hope that some of the phone models I've held off on buying will finally allow me root access.
  • ... widely-distributed malware with root capabilities ...

    One day I discovered my computer can connect to its OEM server, download an update and install firmware before accessing the HDD. I immediately thought of someone staging a MitM attack. The first step will be stealing the signing certificate and source code used for firmware images, not an easy task, but once done, millions of computers will be permanent slaves of a criminal gang. Sidestepping the question "What can they do with millions of Giga-flops?", that's a million reasons for a criminal gang to ke

  • I use the minimum number of apps to do what I need done, never game and otherwise minimize my phone use to one burner email account, messaging, navigation and the few voice calls I can't avoid.

    There should not be thousands of apps in the first place and stores should be strictly curated but that won't happen because money.

  • Dear slashdot, if the devices have to be already infected so as the malware can achieve root. Your title “Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices” is in error. But then what can we expect from the Microsoft bleepingcomputer.

Keep up the good work! But please don't ask me to help.

Working...