In the past, we have seen various malicious adware families infecting Android devices. This time, researchers from FireEye have found a potentially very dangerous piece of adware that can take over a user's Android device. As of now, Chinese hackers are suspected of spreading this adware.
Researchers are calling this adware Kemoge due to its command and control (CnC) domain: aps.kemoge.net.
Like other malware and adware, it reaches the system by hiding inside a popular or attractive app downloaded from a third-party app store. FireEye also identified various infected apps that use the same names as a few popular apps, such as Talking Tom and SHAREit. Below is the flow chart of this process.
On its initial launch, this malware collects device information and uploads it to the ad server. Then it starts showing ads on the device. Once it has root access to your smartphone, attackers can remotely control it, install other apps and steal your data.
According to estimates, it has already infected devices in over 20 countries.
We have recommended many times that you use only the Play Store or other well-known app stores like Amazon's app store. Using lesser-known stores to download apps can harm you. But users usually ignore this advice, and hackers exploit that behaviour.
What should you do to avoid this kind of infection?
- Avoid downloading apps from unknown sources
- Never click on suspicious links on Facebook, in emails or on other websites
- Always keep your Android devices and apps updated
If you want to go into the details, you can read the full report published by FireEye. It covers the technical details of the adware and the exact method it uses to reach and infect a smartphone.
Source: FireEye








