This fraudulent app is more dangerous than most. It can record audio and even see where you’ve been.
Cybersecurity experts aren’t sure how you stumble upon it. Whether it comes from a malicious phishing link or a fraudulent app on the Google Play Store, we recommend being careful whenever you download a new app. If you don’t read the reviews and do your research, a bad actor can lash out and poison your device.
This new Android malware is like a snakebite
On April 1, experts with Lab52 blew the whistle on this threat. It wasn’t an April Fools’ joke — it was a serious wake-up call for anyone who downloaded an app called Process Manager. Although it looks like an innocent app that helps your phone function well, it’s just like a snake hiding in the grass.
Check your phone for any app icons that look like gears. If it’s called Process Manager, delete it now. This malicious app can lock your screen and even disable cameras.
When you first launch Process Manager, it says it needs you to approve 18 permissions:
- Read call logs
- Open camera
- Wake log
- Read external storage
- Send and read SMS
- Access network state
- Record audio
- Access coarse and fine location
- Foreground service
- Read phone state
- Write external storage
- Access Wi-Fi state
- Receive boot completed
- Modify audio settings
- Read contacts
It gets worse
Maybe you just searched your Android for Process Manager. Nothing came up, so you breathed a sigh of relief. You had better take another breath and buckle up for some bad news.
Once you open this app and give it permission to invade your phone, it blinks out of existence. Or so it seems. The spyware removes its icon from your home screen and runs in the background. You won’t be able to see it or open it; the only sign of its existence is a notification saying, “Process Manager is running.”
According to the Lab52 team, Process Manager sends all the data it collects to a Russian server. That means event notifications, text messages and recordings are all going overseas. The team also discovered that this app can download extra payloads to your device.
What to look out for
First, look up your apps and see which permissions you’ve given away. You may find out that you’re handing over some risky information.
If you have a newer Android, you’ll get notifications that alert you when your camera or microphone is active. If you’re getting these, that’s a big sign of malware.
Watch out for random app crashes and videos taking forever to load. Are you using way more data than usual, even though your activity is the same as always?