Google is doing everything in its power to keep malware and hacked apps out of the Android ecosystem, at least on the Play Store. Unfortunately, hackers are one step ahead, and the newly discovered Android malware is proof enough. Dubbed AbstractEmu, the malicious code was discovered by security researchers at Lookout Threat Labs, who found the malware embedded in functional apps. The worrying thing is that it roots the device without you even knowing it and then makes way for more malware to be installed.
AbstractEmu exploits five different security loopholes in the Android ecosystem to gain “root” access on mobile devices. This gives the malware more access to system permissions than it should ever get, and therefore completely exposes your world to hackers.
The security firm identified the malware in 19 utility apps (such as data savers, app launchers or password managers) on the Play Store and on third-party stores like the Amazon App Store, the Samsung Galaxy Store, Aptoide, APKPure and other lesser-known Android app markets.
One of the apps identified is “Lite Launcher”, which had more than 10,000 downloads on the Play Store. After the security firm’s discovery, the app was removed from the Play Store, but it might still be present in other places.
Installing such an app starts a three-stage infection process in which the user unintentionally installs spyware that has full access to contacts, call logs, SMS messages, location, camera and microphone. As scary as it sounds, the end result of such a breach could be serious, since all of that sensitive information sits on the user’s device.
Why the malware was created is still unknown, as the malware’s command-and-control servers went offline before Lookout researchers could identify the final payload. The way it was designed suggests it could have stolen passwords, credit card numbers or other sensitive information from an unfortunate Android user’s phone.