UPDATED 21:15 EDT / OCTOBER 31 2021

SECURITY

New Android malware roots infected devices and takes complete control

A new form of Android malware has been discovered in the wild that can root and take complete control of the infected Android device.

Discovered by researchers at Lookout Inc. and revealed late last week, the new malware has been dubbed “AbstractEmu.” Although the Australian flightless bird may come to mind, the name actually refers to the malware’s own behavior: AbstractEmu uses code abstraction and anti-emulation checks to avoid running while under analysis.

The researchers discovered 19 applications related to AbstractEmu, seven of which contained rooting functionality. One infected app found on Google Play had more than 10,000 downloads. That app has since been removed from Google Play, but the malicious AbstractEmu functionality can still be found in apps on third-party stores.

Android malware is not new, but what makes AbstractEmu stand out is that malware with root capabilities is rare in 2021. According to the researchers, rooting has become harder as Android has matured, making it less attractive for threat actors.

The ability to root a device is potentially dangerous. With privileged access to an Android device, the threat actor can silently grant themselves dangerous permissions or silently install additional malware, whereas Android malware typically requires user interaction for such steps. Root access also gives the malware access to sensitive data belonging to other apps.

What isn’t known is who is behind AbstractEmu. The best guess of the Lookout researchers is that it’s a well-resourced group with financial motivation. There were also notable similarities to banking trojans found in the code.

“AbstractEmu is a sophisticated and far-reaching malware. Exploiting a chipset vulnerability can allow a hacker to read/write physical memory,” Doug Britton, chief executive officer of cybersecurity testing company Haystack Solutions Inc., told SiliconANGLE. “As a result, this can allow modification of user privilege. This is a fundamental piece of hardware to hundreds of thousands, even millions of devices. This combined with other highly technical exploits makes AbstractEmu a significant vulnerability.”

Saryu Nayyar, CEO of security information and event management company Gurucul Solutions Pvt. Ltd., noted that phones are increasingly being targeted for attacks, in large part because of the sheer number of devices in active use.

“Users have to take the same care with their phones that they do with their traditional computers, and be wary of installing unknown or unusual apps, and looking for different behaviors as they use their phones,” Nayyar explained. “Enterprises that provide phones to employees have to be able to monitor those devices for unusual activity.”

Photo: Maxpixel
