Lookout warns of a newly found malware form targeting Android devices. AbstractEmu allows affected devices to be rooted and completely taken over.

According to Lookout research, the advanced AbstractEmu malware uses code abstraction and anti-emulation techniques to keep it from running while its code is being analyzed. This makes the malware harder to detect and dissect, allowing it to ‘quietly’ carry out its malicious activities.

Rooting

Notably, the malware roots affected Android devices and performs its malicious functionality from there. Root malware is almost non-existent nowadays due to the increasing maturity and security of Google’s mobile operating system, making AbstractEmu an exception to the rule.

A rooted device can be hazardous because it provides hackers with privileged access, allowing them to perform malicious activities to the fullest extent. Installing additional malware without being noticed is common practice.

Through rooting, hackers can access sensitive data from other applications, including GPS, camera and microphone data, contact lists, call logs, and SMS messages. Moreover, rooting a device enables the hacker to control its functionality.

Malicious applications

The newly found AbstractEmu malware infects devices through specially developed, malicious applications. These applications were first found in Google Play. Although they have since been removed, the apps are likely to remain available in third-party app stores.

Once the apps mentioned above are installed, the malware targets several known hardware application vulnerabilities in the Android software. Lookout researchers argue that, as a result, the attack surface broadens.

According to Lookout security experts, customers can prevent AbstractEmu and other Android malware attacks by always updating their Android operating system to the latest version. Moreover, the experts recommend downloading applications from Google Play only, thereby avoiding alternative, third-party app stores. AbstractEmu is prone to linger in such stores.