Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

April 4, 2022

An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored on infected devices.

Interestingly, the app, which has the package name “com.remote.app”, establishes contact with a remote command-and-control server, 82.146.35[.]240, which has previously been identified as infrastructure belonging to the Russia-based hacking group known as Turla.

“When the application is run, a warning appears about the permissions granted to the application,” Lab52 researchers said. “These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras.”

Read More on The Hacker News