Beware Of This Spyware On Android Phones

Malicious apps popping up in the Google Play store for Android devices aren't a new problem. The latest of these came to light just this week courtesy of a Lab52 report on a newly discovered threat contained in a benign-looking Android application package (APK). According to the report, the malicious app may be connected to the Russian hacking group Turla, but Lab52 acknowledges that this spyware's capabilities are beyond what it believes the group is capable of.

The malicious app was first found connected to a seemingly unrelated app called "Roz Dhan: Earn Wallet cash." Lab52's research showed that once the innocuous app was downloaded, the second app (the spyware) appeared under the name "Process Manager," complete with a gear-shaped icon to make it look more like an official Settings-style app.

The malicious app could take control of an Android device's camera, microphone, lock screen, storage encryption, and more. Once its user granted permission, the icon associated with the spyware could disappear while the app continued to run in the background, basically able to control or otherwise monitor device functions from top to bottom without making a peep.

Calling it "complete control" isn't really an exaggeration, as the malicious app's list of affected processes is quite extensive, according to Lab52. The malicious app can stealthily record you through the camera or microphone, send messages on its own, read text messages, listen in on phone calls, and even read information from external devices that have been connected to your Android phone.

How to fix or avoid this malicious software

The best way to combat this particular form of spyware is to not give it software permissions in the first place. In fact, it's a good basic practice to be extremely wary of any apps downloaded from unfamiliar sources — and sometimes familiar sources, too — and always pay close attention to the permissions any new app requests at any point.

But if anything like this malicious "Process Manager" software has been installed, and if it has been given the permissions it asks for, removal may still be an option — although once enabled it won't show up as a regular app. According to Lab52's research, the "Process Manager" app will appear as an active process in your phone's notification bar, which will provide you with an opportunity to cease its functions and remove it.

Another option you have is to open your Android phone's permission settings and revoke anything that looks suspicious — and in this particular case it may not all appear under the title "Process Manager." This method won't remove the spyware, but it will cut it off and essentially render it useless — a decent, more cautious short-term choice if you're worried about accidentally removing any important programs.

Open Settings, tap Privacy, tap Permission manager, and halt anything that looks suspicious. As of Google's release of Android 11, your device should already have the technical ability to automatically reset permissions for apps you don't often use — but it's better to be safe than sorry.
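
The same permission review can be done from a computer. The following is an added example, not code from Lab52 or from this article: it reads text saved from `adb shell dumpsys package` and lists apps that hold several of the kinds of access described above. It assumes the dump uses the `Package [name]` and `permission: granted=true` layout; the package names, the sample dump and the threshold of three categories are constructed for illustration.

```python
import re

# Permissions behind the capabilities the article lists; the grouping is this example's choice.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def granted_by_package(dump_text):
    """Map each package to the set of sensitive categories it has been granted."""
    result, current = {}, None
    for line in dump_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            result.setdefault(current, set())
            continue
        perm = PERM_RE.match(line)
        if perm and current and perm.group(2) == "true" and perm.group(1) in SENSITIVE:
            result[current].add(SENSITIVE[perm.group(1)])
    return result

def flag_broad_access(dump_text, threshold=3):
    """Return (package, categories) pairs holding at least `threshold` categories."""
    hits = granted_by_package(dump_text)
    return sorted((p, sorted(c)) for p, c in hits.items() if len(c) >= threshold)

# Constructed sample in the assumed dumpsys layout (not output from a real device).
SAMPLE_DUMP = """\
Package [com.example.notes] (1a2b3c):
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=true
      android.permission.CAMERA: granted=false
Package [com.example.processmanager] (4d5e6f):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.SEND_SMS: granted=true
      android.permission.READ_CALL_LOG: granted=true
"""
if __name__ == "__main__":
    print(flag_broad_access(SAMPLE_DUMP))
```

A flagged package is only a candidate for review; legitimate messaging or camera apps will also hold several of these permissions.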