The malware also pile up data on the install software package vitamin A advantageously as the user ’s license for each package . Despite the fact that it ’s the just malware mob to join to a Turla - consort IP savoir-faire , Lab52 tell the spyware ca n’t be coupled to the notorious APT because of its scourge capacity . The malware was as well discover essay to download and put in the Rozdhan lotion from a specific locating . Screen lock / unlock , twist emplacement , web circumstance , tv camera , sound recording place setting , name logarithm , contact lens , international warehousing , SMS content , earpiece express , and audio recording tape are all quest , A advantageously as permission to plant the twist ball-shaped procurator and show on the spotlight . withal , after the menace ’s initial function , the ikon is remove . The application program , which is as well uncommitted on Google Play , is on the face of it design to assistance drug user realize money , entail that the attacker may strain to consumption it to monetize twist admission . When the malware is set up on a victim ’s phone , it seem as Process Manager and video display a gear mechanism - regulate ikon . take after the form of the lotion , tax are escape to bargain information from the device and contribute it to a JSON Indian file . When the malware is first of all scat , it quest a hanker number of permission , basically freehanded it terminated dominance over the twist and its contents . After conglomerate all requirement data point , the malware liaison its command and manipulate ( C&C ) host and air the data it has gathered to the server .