This Scary New Android Malware Pulls Off a Funny Little Scam

Tero Vesalainen/Shutterstock.com

Cybersecurity researchers from Lab52 have discovered a nasty new Android malware called “Process Manager.” It can record your audio, track locations, send or read texts, and even access your storage to use the camera or see pictures.

To make matters worse, the Process Manager malware employs a gear-shaped icon, so it looks like a system settings app, enabling it to hide on a user’s device easily. This Android malware doesn’t hide in plain sight either, as you’ll see a persistent notification that “Process Manager” is running. It’ll look all official, but it’s certainly not good.

The researchers haven’t figured out how it is being distributed, but once a victim installs it, the app quickly requests access to scary and dangerous device permissions. Some of these include device location data, Wi-Fi state, cameras, audio, microphone, read and write storage access, and can even read or send text messages. The app icon disappears once it gets access to those device privileges, but you’ll still see the process running in the notification pulldown tray.

That all sounds scary, and it is, but surprisingly enough, the app doesn’t appear to be doing anything too malicious to the end-user. Once installed, the researchers found that it downloads a money-making app from the Google Play Store using a referral code. The app is named “Roz Dhan: Earn Wallet cash.” The scam is working, as it has over 10 million downloads. The creators of this Android malware earn money for each download.

Anyone using a device on Android 10 or higher can go into permissions on their device and revoke access to specific permissions or look for suspicious apps such as this one. Unfortunately, it’s not yet clear what else this malware is doing behind the scenes or how users are getting it, but it’s one more thing to keep in mind.

via BleepingComputer