
Android threat identified that can record audio and track location: how to protect yourself

A new malicious program that affects Android devices has been identified. It is called Process Manager, software capable of stealing data, recording audio and tracking location while running in the background.


Cybersecurity company Lab52 identified this malware, which uses the same shared hosting infrastructure used by a group of cybercriminals of Russian origin called Turla.

At the moment, it is unknown if Process Manager is endorsed by Turla or has any direct connection or relationship with this campaign, also known as Snake or Uroburos.


This software, which is also of Russian origin, reaches devices through a malicious APK file that works as spyware on Android and steals data without the user noticing, since it works in the background.

As the researchers have determined, once the application is installed, it is placed in the applications menu and displays a gear icon, which users can confuse with the Settings menu.


What’s more, when first run on the device, it requests a total of 18 permissions, including access to the phone’s location, screen lock and unlock, Wi-Fi network information, and the camera sensors built into the phone.

Other permissions requested by this application include access to phone calls and contact information, launching the app when the device is turned on, sending SMS, writing to the memory card and reading external storage devices.

Once the app is opened for the first time, its icon is removed from the apps menu and it runs in the background, as it appears in the notification bar.


In this way, in addition to stealing confidential information, it is capable of taking photos or videos, as well as recording audio from the voice recorder that usually comes pre-installed on these mobiles.

In this case, the application manages to extract these recordings in mp3 format in the cache directory and, together with the rest of the data, sends them in JSON format to a server located in Russia.

At the moment, it is unknown where this malware comes from, but researchers have found clues in another app called Ro Dhan: Earn Wallet Cash, which was previously available on Google Play.

How to know if there is a spy application on the cell phone

There are different steps that can be performed to scan the mobile for any spyware application.

1. Scan with Play Protect

This tool, available in the Play Store, reviews the mobile and the applications in search of any harmful behavior. In case any risk is found, the user receives a notification. This setting is enabled by default and the scans are done automatically.

To check that the option is enabled and verify that it is working properly, open the Play Store on your mobile and tap the profile photo in the upper right corner; a menu of options will be displayed.

One of them is Play Protect. Enter there and see the report.

To make sure the option is enabled, tap the gear icon and verify that app scanning with Play Protect is turned on.

2. Check where apps were downloaded from and what permissions they have

With Play Protect activated, an automatic scan of the installed apps is carried out, but it does not hurt to do a second, manual verification. An important point is to check the permissions that the installed apps have as well as where they were downloaded from.

To access this information, tap the gear icon (Settings) on the mobile, then enter Applications and open each app in turn to check the Permissions section as well as the Store application details. The latter shows where the app was downloaded from, which is very important, because if the download was made from an unofficial store, there is more risk that it is a malicious program.
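The manual check in step 2 can also be run over a text dump of package information. The following is an added example, not code from the original article or from Lab52: it parses a constructed sample shaped like `adb shell dumpsys package` output and flags apps that were not installed by the Play Store and hold several of the permissions described above. The watched-permission list, the threshold and the package names are assumptions made for the illustration.

```python
import re

# Permissions matching the capabilities the article lists: audio, location,
# camera, SMS, contacts, calls, and starting when the device boots.
WATCHED = {"android.permission." + p for p in (
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "CAMERA", "SEND_SMS",
    "READ_CONTACTS", "READ_CALL_LOG", "RECEIVE_BOOT_COMPLETED")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
THRESHOLD = 4  # assumption: flag at four or more watched permissions

# Constructed sample shaped like `adb shell dumpsys package` output, trimmed
# to the fields parsed below. Package names are hypothetical.
SAMPLE = """\
Package [com.example.notes] (1a2b3c):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
Package [com.example.flashlight] (4d5e6f):
    installerPackageName=null
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
Package [com.example.procmgr] (7a8b9c):
    installerPackageName=null
    install permissions:
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
"""

def parse(dump):
    """Map package name -> installer string and set of granted permissions."""
    apps, current = {}, None
    for line in map(str.strip, dump.splitlines()):
        if m := re.match(r"Package \[([\w.]+)\]", line):
            current = apps.setdefault(m[1], {"installer": None, "granted": set()})
        elif current and line.startswith("installerPackageName="):
            current["installer"] = line.split("=", 1)[1]  # "null" if sideloaded
        elif current and (m := re.match(r"([\w.]+): granted=true", line)):
            current["granted"].add(m[1])
    return apps

def suspicious(dump):
    """Apps from outside a trusted store holding many watched permissions."""
    hits = {n: a["granted"] & WATCHED for n, a in parse(dump).items()
            if a["installer"] not in TRUSTED_INSTALLERS}
    return sorted((n, sorted(h)) for n, h in hits.items() if len(h) >= THRESHOLD)
```

Preinstalled system apps also report no installer, so on a real device the check is best limited to third-party packages (those listed by `pm list packages -3`).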

3. Access safe mode to delete suspicious apps

When the phone is restarted in safe mode, it disables all third-party applications and allows you to delete apps that otherwise could not be deleted. It should be noted that this will not work if the malware had root access to the system.

How to access safe mode

To start in safe mode you have to press the power button until that alternative appears. In some models, when you press the power button, the Shutdown option appears and you have to press it again until the Safe Mode label appears, then tap that option.

Then you must go to Settings and enter Applications. You will see a list of all the downloaded apps. Check whether any of them has a strange name or is one you don’t remember having downloaded, and delete it.

Before doing so, it is advisable to do a search to find out what is being removed from the device and avoid uninstalling any useful programs that could affect its proper functioning.

If there is a suspicious app that cannot be removed, go to Settings / Lock and security / Other security settings / Device administration. There you must disable the access of the suspicious program.

In the event that none of this works, you can resort to making a copy of all the information on the cell phone and doing a factory reset within the Settings menu.

