The malware app grants itself the following 18 permissions:
Access coarse location, Access fine location, Camera, Access network state, Access Wi-Fi state, Foreground service, Internet, Modify audio settings, Read call log, Read contacts, Write external storage, Read external storage, Record audio, Read phone state, Read SMS, Receive boot completed, Send SMS, Wake lock.
The app also asks for device administrator access, which could allow it to monitor screen unlock attempts, set a screen lock password expiration, change the screen lock, set the device's global proxy, factory reset the device, and set storage encryption. According to the report, the app shows a warning about the permissions it is granted when you first open it, and the screenshots in the report suggest that users can't deny the permissions from the prompt screen. Once the malware has what it needs, the Process Manager app disappears from the app drawer and runs in the background; the only visible trace is its entry in the notification bar. With access to this many permissions, the malware has the potential to steal a lot of sensitive information from the device. Moreover, it can pull off a few other sneaky moves, such as installing apps from the Google Play Store and abusing them. The researchers found that the app tried to download an app called Roz Dhan: Earn Wallet Cash, which is used to earn money; the malware abuses that app's referral system to make a profit.
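As an added illustration (not code from the report or from Lab52), here is a static triage check a defender could run over a decoded AndroidManifest.xml to flag the combination described above: surveillance, data-access and persistence permissions together with a device-admin receiver. The sample manifest is constructed to mirror the article's description and is not the real app's manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERM = f"{{{ANDROID_NS}}}permission"
# Capability buckets drawn from the permission set the article lists.
BUCKETS = {
    "surveillance": {"RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "data_theft": {"READ_SMS", "READ_CALL_LOG", "READ_CONTACTS", "READ_PHONE_STATE"},
    "messaging": {"SEND_SMS"},
    "persistence": {"RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE", "WAKE_LOCK"},
}

def triage_manifest(xml_text: str) -> dict:
    """Summarise which capability buckets a manifest hits and whether it registers a device admin."""
    root = ET.fromstring(xml_text)
    perms = {
        el.get(NAME).rsplit(".", 1)[-1]
        for el in root.iter("uses-permission") if el.get(NAME)
    }
    # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and handles DEVICE_ADMIN_ENABLED.
    device_admin = any(
        r.get(PERM) == "android.permission.BIND_DEVICE_ADMIN"
        and any(a.get(NAME) == "android.app.action.DEVICE_ADMIN_ENABLED" for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    hits = {b: sorted(perms & names) for b, names in BUCKETS.items() if perms & names}
    # Heuristic: device admin plus all three of these buckets is the profile the article describes.
    suspicious = device_admin and {"surveillance", "data_theft", "persistence"} <= set(hits)
    return {"permissions": len(perms), "buckets": hits, "device_admin": device_admin, "suspicious": suspicious}

# Constructed sample manifest (hypothetical package name), not the real app's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.pm">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The bucket rule is a coarse heuristic for prioritising manual review, not a verdict; legitimate apps can hit individual buckets.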
This Android malware has links to Russian state-sponsored hackers
According to Lab52 (via Bleeping Computer), the Process Manager malware app uses the same shared-hosting infrastructure that the Russian state-sponsored hacking group Turla was previously seen using. The researchers could not confidently attribute it to Turla, however, because of the app's relatively crude capabilities: if it were the work of a sophisticated APT (advanced persistent threat) group such as Turla, it would have tried to remain hidden rather than showing a persistent notification. Even so, the malware sends all the information it collects to a server located in Russia. Either way, if you happen to have this app on your Android smartphone, delete it immediately, and always make sure that you only install apps from trusted sources.