New AbstractEmu malware roots Android devices, evades detection


Level 37
Thread author
Top Poster
Feb 4, 2016
New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks.

The malware, dubbed AbstractEmu by security researchers at the Lookout Threat Labs who found it, was bundled with 19 utility apps distributed via Google Play and third-party app stores (including the Amazon Appstore, the Samsung Galaxy Store, Aptoide, and APKPure).

Apps bundling the malware included password managers and tools like data savers and app launchers, all of them providing the functionality they promised to avoid raising suspicions.
The malicious apps were removed from the Google Play Store after Lookout reported their discovery. However, the other app stores are likely still distributing them.

Lite Launcher, an app launcher and one of the apps used to deliver the AbstractEmu malware on unsuspecting Android users' devices, had over 10,000 downloads when taken down from Google Play.
"AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app," the Lookout researchers said.

"As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading."
Once installed, AbstractEmu will begin harvesting and sending system information to its command-and-control (C2) server while the malware waits for further commands.


Level 16
Top Poster
May 4, 2019
Security researchers at Zscaler have discovered a new Android malware strain that contains the ability to root smartphones, a feature that has become quite rare in Android malware strains in recent years.

Named AbstractEmu, the malware and its distribution campaign have been detailed in a report published today, summarized below:


Level 1
Nov 1, 2018
A new Android malware that can root devices to gain control and tweak system settings has been uncovered by security experts. The malware also uses anti-emulation and code abstraction checks.

Security researchers at the cybersecurity company, Lookout Threat Lab, discovered the threat and called it AbstractEmu. The malicious software gets on a device by appearing to be legitimate software.

AbstractEmu has been found in 19 apps, with one of the apps already downloaded more than 10,000 times on the Google Play Store before it was removed. The apps are also distributed by third-party stores like the Samsung Store and Amazon AppStore.