This spy malware activates your microphone, geo-fencing and has almost all access to a smartphone. It bears several distinctive signs of a group of Russian hackers. But certain elements cast doubt on this attribution.
Here is a newcomer. Identified by researchers at a security company, it is installed on mobile phones under the name Process Manager and may pose as a legitimate system component. Once launched, it asks the user to grant up to 18 permissions covering almost every function of the phone, including listening to phone calls and geolocation. It is not particularly discreet at first glance, but once the permissions are granted the icon disappears and the app keeps running in the background.
With such a level of access to the phone, it seems clear that this is spyware. Everything seems to link it to a group of Russian hackers called Turla. This group is known for the Kremlin’s support. Its modus operandi is the use of spy software to precisely target European and American victims. Turla’s name thus appeared in the 2020 supply-chain compromise, and more specifically in the Sunburst backdoor, which allowed attackers to break into the servers of many major US and European companies and organisations.
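The permission grab is the most concrete detection signal the article gives: a package that asks for microphone, call log, SMS, location and contacts at once is unusual for a utility app. The following script is an added example, not code from the article or from the researchers it cites. It parses the "requested permissions:" block of `adb shell dumpsys package` output (the sample dump below is constructed and the package names are hypothetical) and reports packages that request an unusual concentration of sensitive runtime permissions, which is the kind of triage a defender would run over a device image or a fleet export.

```python
"""Flag Android packages that request many sensitive permissions at once.

Added example, not from the article or from Lab52. The dump below is
constructed and the package names are hypothetical; real `dumpsys package`
output has more sections, but the "requested permissions:" block has the
shape parsed here.
"""
import re

# Runtime ("dangerous") permissions that give access to audio, calls,
# messages, location, contacts and the camera. A utility app rarely needs
# more than one or two of these.
SENSITIVE = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.PROCESS_OUTGOING_CALLS",
    "android.permission.CALL_PHONE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

PKG_RE = re.compile(r"^Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s+(android\.permission\.[A-Z_]+)\s*$")

# Constructed sample: one over-privileged app and one ordinary flashlight app.
SAMPLE_DUMP = """\
Package [com.example.processmanager] (1a2b3c):
  userId=10123
  requested permissions:
    android.permission.RECORD_AUDIO
    android.permission.READ_PHONE_STATE
    android.permission.READ_CALL_LOG
    android.permission.ACCESS_FINE_LOCATION
    android.permission.ACCESS_COARSE_LOCATION
    android.permission.READ_SMS
    android.permission.RECEIVE_SMS
    android.permission.READ_CONTACTS
    android.permission.CAMERA
    android.permission.INTERNET
  install permissions:
    android.permission.INTERNET: granted=true
Package [com.example.flashlight] (4d5e6f):
  userId=10124
  requested permissions:
    android.permission.CAMERA
    android.permission.INTERNET
"""


def parse_requested_permissions(dump):
    """Return {package: set(requested permissions)} from a dumpsys dump.

    Only the "requested permissions:" block is read; the "install
    permissions:" and "runtime permissions:" blocks use a different
    "name: granted=..." layout and are skipped.
    """
    perms = {}
    pkg = None
    in_requested = False
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)
            perms.setdefault(pkg, set())
            in_requested = False
            continue
        stripped = line.strip()
        if stripped.endswith("permissions:"):
            in_requested = stripped.startswith("requested")
            continue
        if in_requested and pkg:
            m = PERM_RE.match(line)
            if m:
                perms[pkg].add(m.group(1))
    return perms


def flag_over_privileged(perms, threshold=6):
    """Packages requesting at least `threshold` sensitive permissions.

    Returns {package: sorted list of the sensitive permissions it requests}.
    The threshold is a triage knob, not a verdict: a legitimate messaging
    app can also score high, so hits are leads for manual review.
    """
    flagged = {}
    for pkg, requested in perms.items():
        hits = sorted(requested & SENSITIVE)
        if len(hits) >= threshold:
            flagged[pkg] = hits
    return flagged


if __name__ == "__main__":
    parsed = parse_requested_permissions(SAMPLE_DUMP)
    for pkg, hits in flag_over_privileged(parsed).items():
        print(f"{pkg}: {len(hits)} sensitive permissions")
        for p in hits:
            print("   ", p)
```

On a real device the input would come from `adb shell dumpsys package` piped into a file; pairing a hit with "no launcher icon" and "runs as a foreground service" would tighten the signal further, since those are exactly the behaviours the article describes.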
A difficult attribution
Apart from that, the malware comes in the form of an app installer for Android, and the way it reaches the phone remains far from obvious. This vagueness may itself indicate that the malware is used in targeted fashion, through the phishing and social engineering methods that Turla is generally adept at. Another indication is that the information collected from the device, such as text messages, recordings and event notifications, is sent via a … located in ….
But here is the catch. According to the researchers at Lab52, the attribution remains risky because other elements do not match the methods of the Russian hacker group. The malware does download additional payloads, and in particular an application called Roz Dhan that lets the user earn money through a referral system. That is an odd choice for a group devoted to cyber espionage. The app itself also appears untouched. At this point in the investigation it is therefore difficult to know whether this malware really comes from Russian hackers.