A new malicious program affecting Android devices has been identified. This is Process Manager, software capable of stealing data, recording audio and tracking location while working in the background.
The IT security company Lab52 identified this malware, which uses the same shared hosting infrastructure used by a Russia-based cybercriminal group called Turla.
At present, it is not known whether Process Manager is endorsed by Turla or has a direct link or relationship to this campaign, also known as Snake or Uroburos.
This software, also of Russian origin, reaches devices via a malicious APK file that works as spyware on Android and steals data without the user noticing, as it works in the background.
As the researchers determined, once the application is installed, it is placed in the applications menu and displays a gear icon, which users can confuse with the Settings menu.
What's more, when first run on the device, it requests a total of 18 permissions, including access to the phone's location, screen lock and unlock, Wi-Fi network information and the camera sensors built into the phone.
Other permissions requested by this application are access to phone calls and contact information, the ability to start the app when the device is turned on, and the ability to send SMS, write to the memory card and read external storage devices.
Once the app is opened for the first time, its icon is removed from the app menu and it runs in the background, as shown in the notification bar.
In this way, in addition to stealing confidential information, it is able to take photos or videos, as well as record audio from the voice recorder which usually comes pre-installed on these mobiles.
In this case, the application extracts these recordings in mp3 format to the cache directory and, together with the rest of the data, sends them in JSON format to a server located in Russia.
At the moment, it is unknown where this malware came from, but the researchers found clues in another app called Ro Dhan: Earn Wallet Cash, which was previously available on Google Play.
How to know if there is a spy application on the mobile
There are several steps you can take to scan your mobile device for spyware applications.
1. Scan with Play Protect
This tool, available in the Play Store, scans your mobile and applications for malicious behavior. In the event that a risk is detected, the user is notified. This setting is enabled by default and scans run automatically.
To check that the option is enabled and working correctly, open the Play Store on your mobile phone and tap the profile photo at the top right. A menu of options will be displayed.
One of them is Play Protect. Go in there and look at the report.
To make sure the option is enabled, tap the gear icon and make sure app scanning with Play Protect is enabled.
2. Check where the apps were downloaded from and what permissions they have
When you activate Play Protect, an automatic scan of installed apps is performed, but it doesn't hurt to do a manual double check. A useful point is to check the permissions that the installed apps have and where they were downloaded from.
To access this information, go to Settings (the gear icon) on the mobile phone, then enter Applications and open each app to check the permissions entry as well as the Store application details. The latter shows where the app was downloaded from, which is very important, because if the download was made from an unofficial store, there is more risk that it is a malicious program.
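The same check can be done in bulk from a computer with developer access to the phone. The following is an added example, not part of the original article: it parses constructed samples of `adb shell pm list packages -i` and `adb shell dumpsys package <name>` output and flags apps that were not installed by Google Play and request several of the permissions described above. The package names, the permission mapping and the threshold of 4 are assumptions chosen for illustration.

```python
# Manifest names assumed to correspond to the permissions the article describes.
SENSITIVE = {"android.permission." + p for p in (
    "ACCESS_FINE_LOCATION", "CAMERA", "RECORD_AUDIO", "READ_CONTACTS",
    "READ_PHONE_STATE", "SEND_SMS", "RECEIVE_BOOT_COMPLETED",
    "ACCESS_WIFI_STATE", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` lines."""
    result = {}
    for line in pm_output.splitlines():
        if line.startswith("package:") and "installer=" in line:
            pkg, installer = line[len("package:"):].split("installer=")
            result[pkg.strip()] = None if installer.strip() == "null" else installer.strip()
    return result

def parse_requested(dumpsys_output):
    """Return permission names listed under 'requested permissions:'."""
    perms, in_block = set(), False
    for line in dumpsys_output.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):   # next section header ends the block
            break
        elif in_block and s:
            perms.add(s.split(":")[0])       # drop suffixes such as ': restricted=true'
    return perms

def review(pm_output, dumpsys_by_pkg, threshold=4):
    """Flag apps from untrusted installers that request many sensitive permissions."""
    findings = []
    for pkg, installer in parse_installers(pm_output).items():
        hits = parse_requested(dumpsys_by_pkg.get(pkg, "")) & SENSITIVE
        if installer not in TRUSTED_INSTALLERS and len(hits) >= threshold:
            findings.append((pkg, installer, sorted(hits)))
    return findings

def fake_dumpsys(perms):
    """Build a constructed dumpsys excerpt for the sample data below."""
    body = "".join(f"      android.permission.{p}\n" for p in perms)
    return ("    requested permissions:\n" + body +
            "    install permissions:\n      android.permission.INTERNET: granted=true\n")

# Constructed sample captures (placeholder package names, not real apps).
PM_LIST = ("package:com.example.notes  installer=com.android.vending\n"
           "package:com.example.procmgr  installer=null\n"
           "package:com.example.game  installer=null\n")
DUMPSYS = {
    "com.example.notes": fake_dumpsys(["CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "ACCESS_FINE_LOCATION"]),
    "com.example.procmgr": fake_dumpsys(["CAMERA", "RECORD_AUDIO", "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED"]),
    "com.example.game": fake_dumpsys(["INTERNET"]),
}
```

A flagged entry is a prompt for manual review, not proof of malware: legitimate sideloaded apps can request the same permissions.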
3. Enter Safe Mode to delete suspicious apps
When the phone restarts in safe mode, it disables all third party applications and allows you to delete apps that otherwise could not be deleted. It should be noted that this will not work if the malware has gained root access to the system.
How to enter Safe Mode
To boot into safe mode, press and hold the power button until that alternative appears. On some models, pressing the power button shows the Shutdown option, which you need to press and hold until the Safe Mode prompt appears, then tap that option.
Then go to Configuration or Settings and enter Applications. You will see a list of all downloaded apps. Check whether any has a strange name or is one you don't remember downloading, and delete it.
Before doing so, it is advisable to do some research to find out what you are removing from your device, to avoid uninstalling a useful program whose removal could affect the device's correct functioning.
If a suspicious app cannot be removed, go to Configuration or Settings / Lock and security / Other security settings / Device administration. There you have to disable access for the suspicious program.
If none of this works, you can resort to making a copy of all the information on the mobile and resetting to factory settings from the Settings menu.