Security researchers from Lab52 have disassembled a new piece of Android malware that they discovered while looking into the infrastructure of the Russian cyberespionage group Turla.
Although it is the only malware family to connect to a Turla-associated IP address, Lab52 says the spyware can’t be linked to the notorious APT because of its threat capabilities. When installed on a victim’s phone, the malware appears as Process Manager and displays a gear-shaped icon.
After the threat’s initial run, however, the icon is removed. On that first run, the malware also requests a long list of permissions, essentially giving it complete control over the device and its contents.