Android malware is on the rise, and today FireEye uncovered another malicious player. Kemoge, a new evil adware family originating from China, is capable of fully taking over almost any Android device.
The targets of this Android malware include major industry players and governments. Kemoge infects targets by disguising itself as trending apps through repackaging, so it spreads quickly.
How Does This Android Malware Work?
The attacker submits the app to a third-party app store and advertises the download links through popular blogs and ads. Some ad networks are able to install Kemoge on a device directly. After the first launch, the malware performs reconnaissance and uploads device info to malicious servers, allowing it to serve ads in the background. Once infection is complete, ads are displayed to users sporadically, no matter what they are doing.
Looks like annoying adware, right? But that’s not all. Soon after it starts serving ads, Kemoge imports 7 different types of malware that root the device without the user’s knowledge and grant the malware root (administrator) rights.
This is especially dangerous because Kemoge uninstalls antivirus, Android protection and other popular apps in order to prepare for other attacks.
FireEye has issued the following recommendations to keep you safe:
- Never click on suspicious links from emails/SMS/websites/advertisements.
- Don’t install apps outside the official app store.
- Keep Android devices updated to avoid being rooted by publicly known bugs. (Upgrading to the latest OS version will provide some security, but it does not guarantee that you will remain protected.)