A new malware was detected. Named by security researchers AbstractEmu, its attack methods consist of the use of anti-emulation checks and also code abstraction techniques. All these can result in compromised devices rooting with the goal of devices control takeover and system settings tweaking.
The ones who identified the new Android rooting malware under discussion were the Lookout Threat Labs’ security researchers who named it AbstractEmu.
The same experts explained in their report how AbstractEmu posed as functional apps so when a user downloads and opens the app, it will be activated.
AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. (…) As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading.
Bundled with Apps
According to BleepingComputer, the new malware was bundled with 19 apps that could be found in Google Play or stores that contained third-party apps. We’re talking about Amazon Appstore, Aptoide, Samsung Galaxy Store, or APKPure.
Among the apps that bundled the malware password managers, data savers, and also app launchers could be found. However, these were removed from Google