A recent study found that malware distributed through Google Play Store apps can access private information as well as financial data. The malicious software is called AbstractEmu.
Android users should be wary, but there are ways they can protect themselves from the latest issue.
What Is AbstractEmu?
By way of background, Lookout researchers Kristina Balaam and Paul Shunk wrote in a blog post that the people behind this malware are a well-resourced group with financial motivation. The researchers added that the group's code and evasion strategies are highly advanced, including the use of burner emails, aliases, phone numbers and pseudonyms. The study also found similarities between the malware and banking trojans, such as the untargeted deployment of the software and the permissions it demands.
In their research, they found that AbstractEmu was disguised as a variety of apps, such as utility apps and password managers, as well as system features such as app launchers and data savers.
With that said, NextPit advised that Android phone users delete and uninstall the apps found to carry the AbstractEmu malware, including Data Saver, Anti-ads Browser, My Phone, Lite Launcher, All Passwords, Night Light and Phone Plus.
"This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years," the Lookout researchers added in their blog post.
The app Lite Launcher was downloaded more than 10,000 times from the official Google Play store. After learning that this malware-ridden app had been installed several times, and after Lookout notified it of the matter, Google deleted it. Although Google removed the app from its platform, Lite Launcher is still available on other markets.
As Tom's Guide noted, AbstractEmu has also been found in commonly used apps in the Amazon app store, APKPure, Aptoide, the Samsung Galaxy store and other third-party Android app markets.
Once one of the suspicious apps is installed, AbstractEmu installs spyware posing as a storage manager named Setting Storage. This spyware has access to contacts, call logs, SMS messages, location, camera and microphone.
Since it has root capabilities, it can lock the smartphone, reset the device password, install unwanted apps, steal screenshots, record screen activity and disable Google Play Protect.
However, Tom's Guide added that the capabilities of AbstractEmu go far beyond what is required to steal sensitive information from Android phones, such as credit card numbers and passwords, or to sign Android users up for premium-SMS scams, which is what most malware does these days.
How to Protect the Device from AbstractEmu
As mentioned, some apps need to be uninstalled to free the device from the malware. Tom's Guide has shared detailed information regarding the root capabilities of AbstractEmu. Basically, users should delete an app if it has any of the following:
- com.mobilesoft.security.password file in its folder
- com.zooitlab.antiadsbrowser in the Anti-ads Browser app folder
- com.smarttool.backup.smscontacts in the Data Saver app folder
- com.st.launcher.lite in the Lite Launcher app folder
- com.dentonix.myphone in the My Phone folder
- nightlight.app in the Night Light folder
- om.phoneplusapp in the Phone Plus folder
In relation to this, Android users should also check, using a desktop browser, whether these apps are still in the Google Play Store. If an app is still listed, users must ensure that the icon on the listing page matches the installed app on the phone.
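As an added example, not taken from the article, Tom's Guide or Lookout, the shell script below checks a device's installed-package list for the identifiers listed above. It assumes `adb` with USB debugging enabled for the optional `--device` mode; the function names and the sample listing are constructed for illustration, and identifiers are matched as fixed substrings exactly as printed above, which can produce false positives.

```shell
#!/bin/sh
# Added example: flag installed Android packages that contain one of the
# identifiers listed in the article. Values are copied as printed there.
IOC_PACKAGES='com.mobilesoft.security.password
com.zooitlab.antiadsbrowser
com.smarttool.backup.smscontacts
com.st.launcher.lite
com.dentonix.myphone
nightlight.app
om.phoneplusapp'

# Reads `pm list packages` output on stdin (one "package:<name>" per line)
# and prints each installed package name that contains a listed identifier.
find_abstractemu_packages() {
    tr -d '\r' |              # adb output may carry CRLF line endings
        sed 's/^package://' | # strip the prefix pm puts on every line
        grep -F -e "$IOC_PACKAGES" |
        sort -u
}

# Constructed sample of `pm list packages` output, so the check can be
# tried without a device attached.
sample_listing() {
    printf 'package:com.android.settings\n'
    printf 'package:com.st.launcher.lite\r\n'
    printf 'package:com.example.notes\n'
    printf 'package:com.dentonix.myphone\n'
}

# Optional live mode: ./check.sh --device
if [ "${1:-}" = "--device" ]; then
    hits=$(adb shell pm list packages | find_abstractemu_packages)
    if [ -n "$hits" ]; then
        printf 'Packages matching the list:\n%s\n' "$hits"
    else
        printf 'No listed package identifiers found.\n'
    fi
fi
```

A match only means an installed package name contains a listed identifier; confirm against the app's store listing before uninstalling.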
With the rise of technology, people must always be mindful of the apps they install on their phones. In line with this, Android phones should be kept updated as much as possible to help prevent malware.