Lab52 Dissected a New Piece of Android Malware Discovered on Turla-Linked Infrastructure - Cybers Guards

Despite the fact that it's the only malware family to connect to a Turla-linked IP address, Lab52 says the spyware can't be linked to the infamous APT because of its threat capabilities.

When the malware is installed on a victim's phone, it appears as Process Manager and displays a gear-shaped icon. However, after the threat's initial run, the icon is removed. When the malware is first run, it requests a long list of permissions, essentially giving it full control over the device and its contents. Screen lock/unlock, device location, network settings, camera, audio settings, call logs, contacts, external storage, SMS messages, phone state, and audio recording are all requested, as well as permission to set the device global proxy and display in the foreground.

Following the configuration of the application, tasks are run to steal data from the device and add it to a JSON file. The malware also collects information on the installed packages as well as the user's permissions for each package. After gathering all necessary data, the malware contacts its command and control (C&C) server and sends the data it has collected to the server.

The malware was also seen attempting to download and install the Rozdhan application from a specific location. The application, which is also available on Google Play, is seemingly designed to help users earn money, implying that the attacker may try to use it to monetize device access.
