
New Android malware roots infected devices and takes complete control


A new form of Android malware has been discovered in the wild that can root and take complete control of the infected Android device.

Discovered by researchers at Lookout Inc. and revealed late last week, the new malware has been dubbed “AbstractEmu.” Although the Australian flightless bird may come to mind, the name refers to the techniques the malware uses to evade analysis: AbstractEmu relies on code abstraction and anti-emulation checks to avoid running while under analysis.

The researchers discovered 19 applications related to AbstractEmu, seven of which contain rooting functionality. One infected app found on Google Play had more than 10,000 downloads. The app has since been removed from Google Play, but the malicious AbstractEmu functionality can still be found in apps on third-party stores.

Android malware is not new, but what makes AbstractEmu stand out is that malware with root capabilities is rare in 2021. According to the researchers, rooting has become harder as Android has matured, so fewer threat actors invest in it.

Root access is particularly dangerous. With privileged access to an Android device, the threat actor can silently grant themselves dangerous permissions or silently install additional malware, steps that typically require user interaction for Android malware running without root. Root access also gives the malware access to sensitive data belonging to other apps.

What isn’t known is who is behind AbstractEmu. The best guess of the Lookout researchers is that it’s a well-resourced group with financial motivation. There were also notable similarities to banking trojans found in the code.

“AbstractEmu is a sophisticated and far-reaching malware. Exploiting a chipset vulnerability can allow a hacker to read/write physical memory,” Doug Britton, chief executive officer of cybersecurity testing company Haystack Solutions Inc., told SiliconANGLE. “As a result, this can allow modification of user privilege. This is a fundamental piece of hardware to hundreds of thousands, even millions of devices. This combined with other highly technical exploits makes AbstractEmu a significant vulnerability.”

Saryu Nayyar, CEO of security information and event management company…

Source…

New AbstractEmu malware roots Android devices, evades detection


New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks.
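The anti-emulation checks mentioned here (and in the previous story) work by reading device properties that differ between a physical phone and an analysis emulator; if any of them look emulated, the sample stays dormant and the sandbox sees only benign behaviour. The script below is an added example, not code from the page or from Lookout's report, and it does not reproduce AbstractEmu's actual check list: it takes the output of `adb shell getprop` and flags a hypothetical, generic set of well-known emulator indicators, which is the analyst-side view of the same logic (these are the properties a sandbox must present realistically before a sample like this will run). The two property dumps are constructed.

```python
import re

# Generic, well-known properties that commonly betray an Android emulator.
# Hypothetical selection for illustration, not AbstractEmu's real check list.
EMULATOR_INDICATORS = {
    "ro.kernel.qemu": re.compile(r"^1$"),                       # set to 1 on QEMU-based emulators
    "ro.hardware": re.compile(r"^(goldfish|ranchu)$"),          # emulator board names
    "ro.product.model": re.compile(r"(sdk|emulator)", re.I),    # "sdk_gphone_x86" etc.
    "ro.build.fingerprint": re.compile(r"(generic|unknown|test-keys)", re.I),
    "ro.product.device": re.compile(r"^generic", re.I),
}

# Each getprop line looks like:  [key]: [value]
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text):
    """Parse `adb shell getprop` output into a {key: value} dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def emulator_indicators(props):
    """Return the (key, value) pairs that match an emulator indicator."""
    hits = []
    for key, pattern in EMULATOR_INDICATORS.items():
        value = props.get(key)
        if value is not None and pattern.search(value):
            hits.append((key, value))
    return hits


def looks_like_emulator(props, threshold=2):
    """Malware of this kind typically refuses to run once a few checks trip;
    requiring more than one hit avoids false positives on odd physical builds."""
    return len(emulator_indicators(props)) >= threshold


# Constructed sample: a stock Android Studio emulator image.
EMULATOR_DUMP = """\
[ro.kernel.qemu]: [1]
[ro.hardware]: [ranchu]
[ro.product.model]: [sdk_gphone_x86]
[ro.build.fingerprint]: [google/sdk_gphone_x86/generic_x86:11/RSR1.201013.001/6903271:user/release-keys]
[ro.product.device]: [generic_x86]
"""

# Constructed sample: a physical handset.
PHYSICAL_DUMP = """\
[ro.hardware]: [qcom]
[ro.product.model]: [Pixel 4a]
[ro.build.fingerprint]: [google/sunfish/sunfish:12/SP1A.210812.015/7679548:user/release-keys]
[ro.product.device]: [sunfish]
"""

if __name__ == "__main__":
    for name, dump in (("emulator", EMULATOR_DUMP), ("physical", PHYSICAL_DUMP)):
        props = parse_getprop(dump)
        print(name, looks_like_emulator(props), emulator_indicators(props))
```

Run against your own sandbox with `adb shell getprop | python3 script.py` style piping (or paste the dump in) and fix every property it flags, either by editing the emulator image or by hooking the property reads; a sample that checks these values will otherwise report nothing to its C2 and never reach its rooting stage.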

The malware, dubbed AbstractEmu by security researchers at the Lookout Threat Labs who found it, was bundled with 19 utility apps distributed via Google Play and third-party app stores (including the Amazon Appstore, the Samsung Galaxy Store, Aptoide, and APKPure).

Apps bundling the malware included password managers and tools like data savers and app launchers, all of them providing the functionality they promised to avoid raising suspicions.

The malicious apps were removed from the Google Play Store after Lookout reported their discovery. However, the other app stores are likely still distributing them.

Lite Launcher, an app launcher and one of the apps used to deliver the AbstractEmu malware on unsuspecting Android users’ devices, had over 10,000 downloads when taken down from Google Play.

“AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app,” the Lookout researchers said.

“As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading.”

Once installed, AbstractEmu will begin harvesting and sending system information to its command-and-control (C2) server while the malware waits for further commands.

System info collected by AbstractEmu (Lookout)

Exploits upgraded to target more Android devices

To root Android devices it infects, AbstractEmu has multiple tools at its disposal in the form of exploits targeting several vulnerabilities, including CVE-2020-0041, a bug never exploited in the wild by Android apps before this.

The malware also uses a CVE-2020-0069 exploit to abuse a vulnerability found in MediaTek chips used by dozens of smartphone manufacturers that have collectively sold millions of devices.

The threat actors behind AbstractEmu also have enough skills and tech know-how to add support for more targets to publicly available code for CVE-2019-2215 and CVE-2020-0041…

Source…

T-Mobile hack is a return to the roots of cybercrime



The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running. The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type …

Source…

Hacktivism returns to its roots as a cyber warfare tool – The Daily Swig


Back in hack. THE LONG READ Hacktivism – a topic brought to the fore a decade ago, thanks to the antics of Anonymous and LulzSec – has seemingly been in …
