This malware was found in a total of 19 apps, which were downloaded over 10,000 times before they were removed. Google was notified by Lookout, and took action, quickly. This malware was placed onto these app stores via utility apps. Password manager apps, app launchers, data saver apps, and so on. All of these apps were functional, says Lookout, but they were hiding “AbstractEmu” malware.

“AbstractEmu” rooting malware appeared on Android app stores

“AbstractEmu” gains root access to the Android device, so that it can silently modify the device settings. It can reset the device password, lock your phone, monitor notifications, capture screenshots, and record the device screen. Lookout notes that malware with root capabilities is very rare on Android, but it’s also very dangerous. Such malware can grant itself dangerous permissions, and do a lot of damage. You should always keep your device up to date, and be careful what you download. On top of that, sticking to official app stores is the way to go. If an app looks suspicious, don’t install it, basically.

One of the apps that contained this malware, “Lite Launcher”, had around 10,000 downloads. If you’d like to access a full list of apps that were affected by this malware (and removed), click here (CSV file from Lookout). We’ve seen various types of exploits recently, but those that have root access are the worst, needless to say. This is not a phishing malware, or anything of the sort. Once you download the app and give it the necessary permissions, it can do a lot of damage, without phishing with SMS scams and whatnot. So, be careful when you install apps, and try to stick to official app stores.