Although it is the only malware family to connect to a Turla-linked IP address, Lab52 says the spyware can't be tied to the notorious APT because of its threat capabilities.

When the malware is installed on a victim's phone, it appears as Process Manager and displays a gear-shaped icon. After the threat's first run, however, the icon is removed. On first execution, the malware requests a long list of permissions, essentially giving it full control over the device and its contents. It asks for screen lock/unlock, device location, network settings, camera, audio settings, call logs, contacts, external storage, SMS messages, phone state, and audio recording, as well as permission to set the device global proxy and to display in the foreground.

Following the configuration of the application, tasks are run to steal data from the device and add it to a JSON file. The malware also collects information on the installed packages as well as the user's permissions for each package. After gathering all necessary data, the malware contacts its command and control (C&C) server and sends the collected data to it.

The malware was also seen attempting to download and install the Rozdhan application from a specific location. The application, which is also available on Google Play, is apparently designed to help users earn money, meaning that the attackers may try to use it to monetize device access.