Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store.
Over the last several years, as the Android ecosystem matured, widely distributed malware with rooting capabilities has become rare. But its rarity doesn’t mean it’s no longer a threat.
By definition, rooting malware is extremely dangerous because it can gain privileged access to the Android operating system. This enables the malware to grant itself further permissions, change system settings and install additional malware, steps that usually require user interaction. Armed with these invasive controls, threat actors can then conduct targeted phishing attacks, steal sensitive data needed to compromise user accounts or conduct surveillance.
Recently, the Lookout Threat Lab uncovered the first widespread rooting malware campaign in five years. Dubbed AbstractEmu due to its use of code extraction and anti-emulation checks to avoid detection, the malware was found on Google Play and other prominent third-party app stores such as Amazon Appstore and the Samsung Galaxy Store. Lookout notified Google and the apps were promptly removed.
Using AbstractEmu as an