CATEGORIES
home News

Android Devices Are Being Silently Attacked By Dangerous AbstractEmu Malware

by Zak KillianFriday, October 29, 2021, 02:48 PM EDT
topimage android malware
One of the main reasons that the malware epidemic in the Windows XP days was so severe was because almost all those machines were configured with only a single user account that had administrative privileges by default. That meant that any malware running as that user would have free rein to do whatever it wanted on the system.

These days, systems aren't usually configured that way, and the largest category of personal computers out there—smartphones—usually don't even have any way for users to gain administrative privileges at all. That's why it's so concerning when new phone malware is found that can gain root for itself. Such a capability means that the offending application can grant itself privileges, install additional software, and generally take full control over the device, all without any user approval or action.

Cybersecurity company Lookout's threat lab just discovered exactly such a piece of malware. Lookout calls it "AbstractEmu" after its use of code abstraction and anti-emulation measures, which make it difficult to study. AbstractEmu gets on a device by pretending to be a legitimate piece of software. Lookout found nineteen apps that were front-ends for the malware, including one app—"Lite Launcher"—with over 10,000 downloads on the Google Play Store. The other apps were distributed using third-party stores, like the Amazon Appstore and the Samsung store.

inline abstractemu appicons
App icons for the fake apps used to deliver AbstractEmu.

Once the app is launched, it will make sure it's not running under emulation, then contact its command and control server to send back a whole pile of information about the device and its operating system. That information appears to be used to set up the malware's next steps, where it will attempt to gain root access on the device. If it is successful, it will then install another app that it then grants permissions for the contacts, call logs, SMS, location, camera, and microphone. That app masquerades as "Settings Storage"; attempting to open it will simply open the actual settings app.

Lookout wasn't able to determine who is responsible for creating AbstractEmu, but says that the creator is probably "a well-resourced group" that is motivated financially i.e. by the desire to steal money. Lookout draws comparisons between AbstractEmu and banking trojans that attempt to steal financial information from their victims, noting that it claims many of the same type of permissions. Lookout also notes that the malware seems engineered to target as many users as possible indiscriminately, further indicating that the goal was financial and not government or corporate secrets.

If you're concerned about whether you've been hit by AbstractEmu, you can hit up the Lookout blog to see the full list of known exploit packages.
Tags:  Android, security, smartphones
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment