The rar attachment contains an exe file: the malware itself. Objective: to steal information from the victim.
Process Manager is a new spyware for Android. Lab52 cybersecurity researchers: the app steals information from mobile devices and sends it to a server in Russia. It looks like Turla’s work, but there is no confirmation.
Process Manager is a new spyware disguised as a legitimate app for Android, discovered by Lab52 cybersecurity researchers. The malware uses the same infrastructure as the Russian group Turla, although it is currently not associated with any APT. Once installed, the malicious payload pretends to be a component of the system, and on first launch it asks the user to grant up to 18 permissions, such as access to an approximate location, access to a precise location, access to the WiFi network, camera, Internet, audio settings, call log, contacts, external memory, SMS, sound recording and more. Once the permissions are granted, it removes its icon and runs in the background. The only thing that betrays it is a notification that it’s running. The information collected by the spyware is sent in JSON format to a command and control server located in Russia.
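For defenders triaging installed or submitted apps, the permission pattern described above can be checked against a decoded `AndroidManifest.xml`. The following is an added example, not code from Lab52 or the original article: the mapping from the article's prose to Android permission constants, the category threshold of 8, and the sample manifests are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Assumed mapping: the article names these permissions only in prose.
WATCHED = {
    "ACCESS_COARSE_LOCATION": "approximate location",
    "ACCESS_FINE_LOCATION": "precise location",
    "ACCESS_WIFI_STATE": "WiFi network",
    "CAMERA": "camera",
    "INTERNET": "Internet",
    "MODIFY_AUDIO_SETTINGS": "audio settings",
    "READ_CALL_LOG": "call log",
    "READ_CONTACTS": "contacts",
    "READ_EXTERNAL_STORAGE": "external memory",
    "WRITE_EXTERNAL_STORAGE": "external memory",
    "READ_SMS": "SMS",
    "RECORD_AUDIO": "sound recording",
}

def requested_permissions(manifest_xml):
    """Return platform permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):  # ignore app-defined permissions
                found.add(name[len(PREFIX):])
    return found

def triage(manifest_xml, threshold=8):
    """Flag a manifest covering >= threshold watched categories (assumed cutoff)."""
    hits = sorted(p for p in requested_permissions(manifest_xml) if p in WATCHED)
    categories = sorted({WATCHED[p] for p in hits})
    return {"hits": hits, "categories": categories, "flag": len(categories) >= threshold}

def build_manifest(package, perms):
    """Build a constructed manifest string used as sample input."""
    uses = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples, not taken from the real Process Manager APK.
SUSPECT = build_manifest("com.example.suspect", list(WATCHED))
BENIGN = build_manifest("com.example.camera", ["CAMERA", "INTERNET", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(doc))
```

A flag from this check is a prompt for manual review, not a verdict: many legitimate apps request several of these permissions, so the breadth of categories is the signal.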