Joseph Henry, Tech Times

The Turla hacking group might be the culprit behind the deployment of notorious spyware that hit Android devices. According to the latest report, the experts believed that it came from Russian state-sponsored hackers.

Aside from using this malware for espionage, it can also gain access to the other features of your phone, including the internet, camera, messages, and more.

Android Spyware Linked to Turla Group

Turla Android Spyware From Russia Can Access Your Device's Location, Record Audio, and More | Beware of This Malware
(Photo : Mael BALLAND from Unsplash)
The Lab52 team found out that known Android spyware could be connected to a Russian state-sponsored hacking group known as Turla.

Prior to a recent case connected to Turla, the notorious group of cybercriminals was once involved in the controversial SolarWinds supply chain attack that took place in December 2020.

However, the Lab52 cybersecurity researchers have found out that the same group is operating Android spyware, which is used to track the location of a device. The findings led to the detection of the "Process Manager," an APK which is believed to be emulating the said malware.

According to a report by Bleeping Computer, the experts have not yet uncovered the distribution process of the spyware. However, they discovered that the Process Manager has the ability to keep itself concealed from unaware users. This makes it even hard to recognize if you're not paying close attention to your system component.

Moreover, it should be noted that this suspicious application can trigger 18 permissions in your Android device, which include:

  • Access coarse location
  • Access fine location
  • Access network state
  • Access WiFi state
  • Camera
  • Foreground service
  • Internet
  • Modify audio settings
  • Read call log
  • Read contacts
  • Read external storage
  • Write external storage
  • Read phone state
  • Read SMS
  • Receive boot completed
  • Record audio
  • Send SMS
  • Wake log

If all permissions are allowed on your device, the users are exposed to a high risk of being tracked. Additionally, the hackers can know more private information about them, including details about their bank accounts, email addresses, passwords, and more.

Once the permissions have taken effect, the Android spyware will continue to operate in the background. You will only know that it's running because of its "permanent" notification.

As of press time, the security analysts have not yet determined how the APK is distributed in the system. If the Turla group is indeed behind this incident, it could deploy many methods, including phishing and social engineering.

Related Article: Viasat Hit with Russia's Wiper Malware called 'AcidRain,' Affecting European Services

Android App Used in Cyber Espionage

The Lab52 team also discovered that there's an app that is abused for profit. The so-called "Roz Dhan: Earn Wallet Cash" can be searched on the Google Play Store, Portuguese tech site TugaTech reported. The application sounds too good to be true since the user could gain money via a referral system.

According to cybersecurity researchers, it's quite strange to pull off this gimmick since the main focus of hackers is to spy on their victims.

Per experts, Android users should always be careful about the apps that they are downloading. They should also regularly review the app permissions to avoid security and privacy risks.

Read Also: US Warns of Russian State-Sponsored Hackers Using Exploits of 'PrintNightMare,' MFA Defaults

This article is owned by Tech Times

Written by Joseph Henry 

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Turla Turla Android Spyware Turla Malware Russia Hackers Cybersecurity State-Sponsored Hackers
Join the Discussion