AbstractEmu Malware Roots Android Devices, Evades Detection

By ISBuzz Team
Writer, Information Security Buzz | Nov 01, 2021 03:35 am PST


Researchers at the Lookout Threat Lab provide a highly detailed review of new rooting malware distributed in fully functioning apps offered on Google Play, the Amazon Appstore and the Samsung Galaxy Store. They are calling the malware “AbstractEmu” “after its use of code abstraction and anti-emulation checks to avoid running while under analysis.” The malware leverages recent CVEs from 2019-20 to allow access to a wide variety of hardware and uses quite sophisticated methods to confirm each device type to avoid detection. A very interesting 5-minute read.

2 Expert Comments
Doug Britton, CEO
November 1, 2021 11:36 am

AbstractEmu is a sophisticated and far-reaching malware. Exploiting a chipset vulnerability can allow a hacker to read/write physical memory. As a result, this can allow modification of user privilege. This is a fundamental piece of hardware to hundreds of thousands, even millions of devices. This combined with other highly technical exploits makes AbstractEmu a significant vulnerability. As hackers grow their capabilities and power, we need to ensure we invest in the next generation of cyber professionals. This is the best long-term defense to combat the rise of malware and bad actors that are quickly becoming the biggest threat to an increasingly digital economy. We have the technology to find this talent, we need to move quickly and get them into the fight.

Saryu Nayyar, CEO
November 1, 2021 11:36 am

If you thought your phone was safe from malware, think again. There is a rootkit for Android that is already on a number of apps in Google Play, Amazon Appstore, and the Samsung Galaxy store. There are a number of commands that the rootkit can execute, depending on the circumstances.

Phones are increasingly being targeted for attacks, in large part because of the sheer number of devices in active use. Users have to take the same care with their phones that they do with their traditional computers, and be wary of installing unknown or unusual apps, and looking for different behaviors as they use their phones. Enterprises who provide phones to employees have to be able to monitor those devices for unusual activity.

