Scary new malware tracks where you go and records your audio
April 4, 2022
By Kim Komando
It’s spring, which means there’s a lot of pollen swirling around in the air. Focus on your smartphone and you’ll find even more floating junk — like a nasty strain of new Android malware.
This fraudulent app is more dangerous than most. It can record audio and even see where you’ve been. Tap or click here for eight hidden maps and trackers you need to switch off.
Cybersecurity experts aren’t sure how you stumble upon it. Whether it comes from a malicious phishing link or a fraudulent app on the Google Play Store, we recommend being careful whenever you download a new app. If you don’t read the reviews and do your research, a bad actor can lash out and poison your device.
This new Android malware is like a snakebite
On April 1, experts with Lab52 blew the whistle on this threat. It wasn’t an April Fools’ joke — it was a serious wake-up call for anyone who downloaded an app called Process Manager. Although it looks like an innocent app that helps your phone function well, it’s just like a snake hiding in the grass.
Check your phone for any app icons that look like gears. If it’s called Process Manager, delete it now. This malicious app can lock your screen and even disable cameras.
When you first launch Process Manager, it says it needs you to approve 18 permissions:
- Read call logs
- Open camera
- Wake log
- Read external storage
- Send and read SMS
- Access network state
- Record audio
- Access coarse and fine location
- Foreground service
- Read phone state
- Write external storage
- Access Wi-Fi state
- Internet
- Receive boot completed
- Modify audio settings
- Read contacts
If you’re the type of person who automatically hits “Accept” without reading through the permissions, your device could be in danger. Tap or click here for four signs that your Android device has a virus.
It gets worse
Maybe you just searched your Android for Process Manager. Nothing came up, so you breathed a sigh of relief. You had better take another breath and buckle up for some bad news.
Once you open this app and give it permission to invade your phone, it blinks out of existence. Or so it seems. The spyware removes its icon from your home screen and runs in the background. You won’t be able to see it or open it; the only sign of its existence is a notification saying, “Process Manager is running.”
According to the Lab52 team, Process Manager sends all the data it collects to a Russian server. That means event notifications, text messages and recordings are all going overseas. The team also discovered that this app can download extra payloads to your device.
What to look out for
First, look up your apps and see which permissions you’ve given away. You may find out that you’re handing over some risky information.
If you have a newer Android, you’ll get notifications that alert you when your camera or microphone is active. If you’re getting these, that’s a big sign of malware.
Watch out for random app crashes and videos taking forever to load. Are you using way more data than usual, even though your activity is the same as always? That’s another red flag. Tap or click here for seven signs that your computer or smartphone is infected.
Want to protect yourself from this new Android malware? Read these guides
How to protect your Android from malware
5 ways to get rid of malware on your phone
Antivirus isn’t just for your computer – Here’s why you should protect your smartphone, too
https://www.komando.com/tips/cybersecurity/process-manager-android-app-records-users/