Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

Ravie Lakshmanan, Apr 04, 2022

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored on infected devices.

Interestingly, the app, which has the package name "com.remote.app", establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.

"When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said. "These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras."

Once the app is "activated," the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device's contacts and call logs, track its location, send and read messages, access external storage, snap pictures, and record audio.
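A device-inventory triage check built from the indicators and behaviours reported above, as an added example that is not Lab52's or the article's own code. The record field names, the mapping of the quoted permission warning to Android device-admin policy tags, and the sample records are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Indicators taken from the article (the IP is refanged for comparison only).
PKG_NAME = "com.remote.app"
C2_ADDR = ipaddress.ip_address("82.146.35[.]240".replace("[.]", "."))
# Assumption: device-admin policy tags corresponding to the quoted warning.
QUOTED_POLICIES = {"watch-login", "force-lock", "set-global-proxy",
                   "expire-password", "encrypted-storage", "disable-camera"}

def admin_policies(xml_text):
    """Return the policy tags declared under <uses-policies>, or an empty set."""
    if not xml_text:
        return set()
    try:
        node = ET.fromstring(xml_text).find("uses-policies")
    except ET.ParseError:
        return set()
    return {child.tag for child in node} if node is not None else set()

def contacted_c2(addresses):
    """True if any well-formed address in the list equals the reported C2."""
    for addr in addresses:
        try:
            if ipaddress.ip_address(addr) == C2_ADDR:
                return True
        except ValueError:
            continue  # skip hostnames or malformed entries
    return False

def triage(app):
    """Return the reasons an inventory record matches the report."""
    reasons = []
    if app.get("package") == PKG_NAME:
        reasons.append("package-name")
    if QUOTED_POLICIES <= admin_policies(app.get("device_admin_xml")):
        reasons.append("admin-policies")
    if app.get("is_device_admin") and not app.get("has_launcher_icon", True):
        reasons.append("hidden-admin")
    if contacted_c2(app.get("remote_ips", [])):
        reasons.append("c2-contact")
    return reasons

# Constructed sample records; field names are hypothetical, not from an MDM API.
_XML = "<device-admin><uses-policies>%s</uses-policies></device-admin>"
SUSPECT = {"package": "com.remote.app", "label": "Process Manager",
           "device_admin_xml": _XML % "".join(f"<{p}/>" for p in sorted(QUOTED_POLICIES)),
           "is_device_admin": True, "has_launcher_icon": False,
           "remote_ips": ["82.146.35.240"]}
BENIGN = {"package": "com.example.mdm", "label": "Work Agent",
          "device_admin_xml": _XML % "<force-lock/><wipe-data/>",
          "is_device_admin": True, "has_launcher_icon": True,
          "remote_ips": ["192.0.2.10", "not-an-ip"]}
```
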

The gathered information is captured in JSON format and subsequently transmitted to the aforementioned remote server. Despite the overlap in the C2 server used, Lab52 said it doesn't have enough evidence to definitively attribute the malware to the Turla group.

Also unknown at this stage are the exact initial access vector employed for distributing the spyware and the intended targets of the campaign.

That said, the rogue Android app also attempts to download a legitimate application called Roz Dhan (meaning "Daily Wealth" in Hindi) that has over 10 million installations and allows users to earn cash rewards for completing surveys and questionnaires.

"The application, [which] is on Google Play and is used to earn money, has a referral system that is abused by the malware," the researchers said. "The attacker installs it on the device and makes a profit."
