
They identify an Android risk that can record audio and track location: how to protect yourself

  • April 6, 2022

Spyware that affects mobile phones running the Android operating system has been detected.

A new malicious program affecting Android devices has been identified. It is called Process Manager, software that can record audio and track location, as well as playing data, while running in the background.

Cybersecurity company Lab52 detected this malware, which uses the same shared hosting infrastructure used by a Russian-based group of cybercriminals named Turla.

At this time, it is unknown whether Process Manager is endorsed by Turla or has a direct link or affiliation with this campaign, also known as Snake or Uroburos.

This software, which is also of Russian origin, reaches devices via a malicious APK file that works as spyware. It runs on Android and steals data without the user noticing, as it runs in the background.

As the researchers noted, once the app is installed, it is placed in the apps menu and displays a gear icon that users can confuse with the Settings menu.

In addition, it requests a total of 18 permissions when first run on the device, to access the phone's location, screen lock and unlock, Wi-Fi network information, or the camera sensors built into the phone.

Other permissions requested by this app include access to phone calls or contact information, starting the application when the device is turned on, sending SMS, writing to the memory card, or reading external storage devices.

When the app is opened for the first time, its icon is removed from the apps menu and it runs in the background, as it shows up in the notification bar.

In this way, in addition to stealing confidential information, it can record audio, as well as take photos or videos, from the voice recorder that usually comes pre-installed on these mobile phones.

In this case, the application manages to extract these recordings into the cache directory in mp3 format and sends them together with other data in JSON format to a server located in Russia.

It is currently unknown where this malware came from. However, the researchers found clues in another app called Roz Dhan: Earn Wallet Cash, which was previously available on Google Play.

How to find out if there is a spy app on a mobile phone

There are several steps you can take to scan the phone for any spyware application.

1. Scan with Play Protect

Available in the Play Store, this tool examines the mobile phone and its apps to look for any harmful behavior. In case of any risk, the user is notified. This setting is enabled by default and scans are done automatically.

To check that the option is enabled and working properly, open the Play Store on your phone and press the profile photo in the upper right corner; a menu of options will be displayed.

Enter Play Store, hit the profile icon and then enter Play Protect

One of them is Play Protect. Open it to see the report.

Tap the gear icon at the top to check whether Play Protect scanning is enabled

Tap the gear icon to make sure the option is enabled and verify that app scanning with Play Protect is turned on.

After tapping the gear icon, you will see whether Play Protect is enabled.

2. Check where apps are downloaded from and what permissions they have

When Play Protect is enabled, an automatic scan of installed apps is performed, but it doesn’t hurt to do a second, manual verification. A useful step is to check what permissions the installed apps have, as well as where they were downloaded from.

In each app, check the access permissions and the store from which it was downloaded.

To access this information, open Settings (the gear icon) on your phone, then Applications, and open each app to check what it says under Permissions and under Store application details. The latter shows where the application was downloaded from, which is very important, because if the download was from an unofficial store, there is a greater risk of it being a malicious program.
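The same check can be run over all third-party apps at once from text collected with adb. This is an added example, not part of the original article: it flags apps that were not installed by an official store and request several of the permission types described above. The input formats are modeled on `pm list packages -i -3` and `dumpsys package <name>` output, which varies between Android versions; the permission mapping, the threshold and the package names are assumptions, and the sample data is constructed.

```python
import re

# Assumed mapping from capabilities the article lists to Android permission names.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot",
}
OFFICIAL_STORES = {"com.android.vending"}  # Google Play; extend for a vendor store

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i -3` style lines."""
    result = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_requested(dump):
    """Collect the names listed under 'requested permissions:' in a dumpsys dump."""
    perms, inside = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            inside = True
        elif inside and re.match(r"[\w.]+\.\w+", s):
            perms.add(s.split(":")[0])  # drop suffixes such as ": restricted=true"
        else:
            inside = False  # any other line ends the section
    return perms

def audit(listing, dumps, threshold=4):
    """Flag apps from outside official stores that request many sensitive permissions."""
    findings = []
    for pkg, installer in parse_installers(listing).items():
        caps = sorted({SENSITIVE[p] for p in parse_requested(dumps.get(pkg, "")) if p in SENSITIVE})
        if installer not in OFFICIAL_STORES and len(caps) >= threshold:
            findings.append((pkg, installer, caps))
    return findings

# Constructed sample data (hypothetical package names), not captured from a real device.
LISTING = "package:com.example.flashlight  installer=com.android.vending\npackage:com.example.procmgr  installer=null\n"
SPY = ["ACCESS_FINE_LOCATION", "RECORD_AUDIO", "CAMERA", "SEND_SMS", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"]
DUMPS = {name: "  requested permissions:\n" + "".join(f"    android.permission.{p}\n" for p in perms) + "  install permissions:\n"
         for name, perms in {"com.example.flashlight": ["CAMERA"], "com.example.procmgr": SPY}.items()}
```

Calling `audit(LISTING, DUMPS)` returns only the sideloaded package; an installer of `null` means the app did not come from any store.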

3. Access safe mode to delete suspicious apps

When the phone restarts in safe mode, it disables all third-party apps and allows you to delete apps that could not otherwise be deleted. It should be noted that this will not work if the malware has root access to the system.

How to access safe mode

To start in safe mode, you have to press the power button until that option appears. On some models, when you press the power button, the Shutdown option appears and you have to press it again until the Safe Mode label appears, and then tap that option.

Next, go to Configuration or Settings and enter Applications there. You will see a list of all downloaded apps. Check whether there are any with a strange name or that you don’t remember downloading, and delete them.

Before doing this, it is recommended that you do a search to find out what is being removed from the device, to avoid uninstalling useful programs whose removal may affect the device’s proper functioning.

If a suspicious app cannot be removed, go to Settings / Lock and security / Other security settings / Device management. There you should disable the access of the suspicious program.

If none of this works, you can resort to a factory reset, making a copy of all the information on the mobile phone, from the Settings menu.



Source: Info Bae
