This new malware can gain root access on Android smartphones

Malware that can gain root access on a device is often many times more dangerous than ordinary malware.

Security researchers at Lookout Threat Labs recently discovered a new type of malware capable of gaining root access on Android devices. Dubbed "AbstractEmu", the new malware uses evasion techniques to ensure it goes undetected.

More notably, it is set to launch a global campaign to infect as many Android devices as possible.

Lookout Threat Labs said it found a total of 19 Android apps used to distribute "AbstractEmu". These apps masquerade as utility apps and system tools such as password managers, spending managers, theme changers and data savers.

Seven of these 19 apps have rooting functionality. One of them, Lite Launcher, found its way into the Google Play Store and tricked more than 10,000 users into downloading it before it was removed. The other apps were distributed through third-party app stores such as the Amazon Appstore and Samsung Galaxy Store, or through sites that provide APK files, such as Aptoide and APKPure.

Rooting malware is quite rare but very dangerous. With root privileges on an Android device, attackers can silently grant themselves top-level access and install other malicious code. Root privileges also allow attackers to access sensitive user data.

Not stopping there, after infecting a device "AbstractEmu" also starts a chain of attacks that exploit other Android security vulnerabilities, such as:

  1. CVE-2015-3636 (PingPongRoot)
  2. CVE-2015-1805 (iovyroot)
  3. CVE-2019-2215 (Qu1ckr00t)
  4. CVE-2020-0041
  5. CVE-2020-0069

Lookout Threat Labs concludes that the criminal group behind "AbstractEmu" is very well resourced and runs this campaign for money. Currently, Android users in the US are the most affected by "AbstractEmu".
