AbstractEmu Android malware "roots" smartphones and evades detection
Researchers at Lookout Threat Labs have discovered a new Android malware called AbstractEmu, which "roots" infected devices, a practice that has become fairly rare for such malware in recent years.
AbstractEmu came bundled with 19 apps distributed through Google Play and third-party app stores (including the Amazon Appstore, Samsung Galaxy Store, Aptoide, and APKPure).
The infected applications were password managers and various system tools, including tools for saving data and launching applications. At the same time, in order to avoid suspicion, they all actually worked and provided the functionality they advertised.
The malicious apps have since been removed from Google Play, but other app stores may still be distributing them. The researchers note that only one of the infected applications, Lite Launcher, had more than 10,000 downloads when it was removed from Google Play.
After installation, AbstractEmu begins collecting system information, sends it to its command-and-control server, and waits for further instructions.
The operators can then issue the malware a range of commands: for example, obtain root privileges, collect and exfiltrate files selected by how recent they are or by a given pattern, and install new applications.
To gain root privileges on infected devices, AbstractEmu carries exploits for several known vulnerabilities. Among them are publicly available exploits for CVE-2019-2215 and CVE-2020-0041; the researchers' report notes that CVE-2020-0041 had never before been exploited by Android apps.
The malware also targets CVE-2020-0069, a vulnerability in MediaTek chips that are used by dozens of smartphone manufacturers and installed in millions of devices.
Once the device is rooted, AbstractEmu can monitor notifications, take screenshots and record the screen, and even lock the device or reset its password.
Let me remind you that we also wrote about the Android malware GriftHorse, which infected over 10 million devices.