Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices, Evaded Detection (bleepingcomputer.com)
"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer.
Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads...
This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances...
AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.
"Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..."
Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.
Re: (Score:3, Informative)
Actually upon googling his name I don’t feel bad in the least.
https://www.upi.com/Top_News/U... [upi.com]
https://www.ydr.com/story/news... [ydr.com]
Re: (Score:2)
Actually upon googling his name I don’t feel bad in the least.
Thank goodness people like you aren't in charge. However we still have a long way to go before the justice system fully deals in prevention, rehabilitation, and restitution rather than punishment. Punishment is about moralism and ineffective deterrence. Prevention and rehabilitation are about the good of society, including perpetrators, potential perpetrators, and potential victims.
FYI I'm not even strongly against the death penalty, but torture or maiming someone's body does not have any place in a modern
Re: (Score:2, Offtopic)
"Don't arrest me, I'm praying!" is not likely to be a very effective technique, especially after assaulting the police.
Re: (Score:1)
They already have that on p0rn hub.
Re: The violating of a Proud Boy. (Score:2, Offtopic)
Or how about we don't continue to have a badly educated public who falls for "Proud Boys" and other nonsense that relies on the gullible and angry to grow their ranks.
Proud Boys and other extremists in both left and right wing flavors are the product of an unjust, and poorly educated society that rewards ignorance and punishes the smart. Even school principals are in on the action as they give the football star a pass on any wrongdoing, while at the same time they ignore the smart teen who is being bullied
List of Apps with malware? (Score:5, Insightful)
where is the list of the 17 apps infected with the malware and removed?
Low quality "journalism" by ignoring basic info that should be provided
Re: (Score:2)
Precisely my same complaint. Put the list at the front of the article, or at least in the /.summary.
Re: (Score:2)
Also: Which versions of Android are affected by this?
Re: List of Apps with malware? (Score:3)
I've noticed too that these types of articles often leave out "The List"
" A brand of nacho chips will kill you! We won't tell you which one until after the game!".
The Simpsons feels more like a documentary rather than a parody of real life as time moves on.
Re: List of Apps with malware? (Score:1)
Objections, your honor. (Score:4, Insightful)
AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.
Sounds like a reason for making rooting harder.
Disallow root -- only the malware gets root. (Score:3, Insightful)
Sounds like a reason for making rooting harder.
How about they make it so I can install LineageOS with ease, so that I can keep my device up-to-date?
Re: Disallow root -- only the malware gets root. (Score:3)
Re:Objections, your honor. (Score:4, Interesting)
Right, right, my thinking is, I hope this leads to a new rooting tool!
What sort of idiot installs random apps from an "app store" run by a company too big to individually assess them?
Re: (Score:3, Insightful)
Far too many people. In fact, they will even go out of their way to override protections & install malware, as demonstrated by the recent DHL SMS debacle.
Re:Objections, your honor. (Score:4, Insightful)
Ok, but as a person who doesn't do that, why do I care?
Why would I stop wanting a rooting tool that would give me control over my device, in order to protect idiots that could protect themselves just by listening to the risks and learning reasonable precautions?
Re: Objections, your honor. (Score:3)
The public might assume "Diznee" sells merch sewn together by 8 year old girls in a fire trap factory.
However, people regularly buy Disney merch which is sewn together by those 8 year old girls and assume that this is not the case.
People trust big names and assume that what they are getting is quality merch without anything shady behind it.
So yes, people download from Google Play with the assumption Happy Sparkly Face Selfies won't secretly drain their bank accounts.
Re: Objections, your honor. (Score:2)
Rooting is supposed to be harder already. An app is not supposed to be able to root your device.
Re: Objections, your honor. (Score:2)
"Sounds like a reason for making rooting harder"
And of course, the legit device owners get thrown behind the same bars that the malware writers do.
If people were allowed to modify and have full root access to the stuff they paid for..but currently it's fuck the customer.
Big Tech is running these (Score:3)
Re: (Score:1)
The app was reported and it was pulled immediately. Not sure what you're going on about.
Re: (Score:2)
Re: (Score:2)
Ya, yer right. If one app cannot be trusted, then the entire company (who didn't write app) cannot be trusted because one slipped by and they weren't 100% infallible. So Mr. Pope, care to explain any of your screwups?
Is it weird? (Score:3)
Millions of Giga-flops (Score:2)
One day I discovered my computer can connect to its OEM server, download an update and install firmware before accessing the HDD. I immediately thought of someone staging a MitM attack. The first step will be stealing the signing certificate and source code used for firmware images, not an easy task, but once done, millions of computers will be permanent slaves of a criminal gang. Sidestepping the question "What can they do with millions of Giga-flops?", that's a million reasons for a criminal gang to ke
If it's not proven don't fucking install it. (Score:2)
I use the minimum number of apps to do what I need done, never game and otherwise minimize my phone use to one burner email account, messaging, navigation and the few voice calls I can't avoid.
There should not be thousands of apps in the first place and stores should be strictly curated but that won't happen because money.
New Android malware can root infected devices (Score:2)