Android Malware Infects 20 Countries

Android malware is on the rise, and today FireEye uncovered another malicious player. Kemoge, a new adware family originating from China, is capable of fully taking over almost any Android device.

Infected nations are shown in red, a total of 20 countries

The targets of the Android malware include major industry players and governments. Kemoge infects targets by disguising itself as trending apps through repackaging, which lets it spread quickly.

Applications used by the Kemoge Android malware

How Does This Android Malware Work?

The attacker submits the app to a third-party app store and advertises the download links through popular blogs and ads. Some ad networks are able to install Kemoge on a device directly. After the first launch, the Android malware performs reconnaissance and uploads device information to malicious servers, which allows it to serve ads in the background. Once infection is complete, ads are displayed to users sporadically, no matter what they are doing.

Kemoge life cycle

Looks like annoying adware, right? But that's not all. Soon after it starts serving ads, Kemoge imports 7 different types of malware that root the device without the user's knowledge and grant the Android malware root (administrator) rights.

This is especially dangerous because Kemoge uninstalls antivirus, Android protection and other popular apps in order to prepare for other attacks.

FireEye has issued the following recommendations to keep you safe:

  • Never click on suspicious links from emails/SMS/websites/advertisements.
  • Don’t install apps outside the official app store.
  • Keep Android devices updated to avoid being rooted through publicly known bugs. (Upgrading to the latest version of the OS will provide some security, but it does not guarantee that you will remain protected.)
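
To check a device against the second recommendation, the added example below (not from FireEye or the original article) parses the output of `adb shell pm list packages -i -3` and flags third-party apps that were not installed by the official store. The trusted-installer set and the sample package names are assumptions constructed for illustration.

```python
import re

# Installers treated as "official". Assumption: only Google Play is trusted;
# extend this set for your own fleet (e.g. an enterprise MDM installer).
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -i` looks like:
#   package:<package name>  installer=<installer package or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def find_untrusted_installs(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return sorted (package, installer) pairs not installed by a trusted store.

    An installer of 'null' means the app was sideloaded (APK opened by hand,
    adb install, or dropped by another app), the route the article warns about.
    """
    flagged = []
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # skip blank lines and anything that is not a package row
        if match["installer"] not in trusted:
            flagged.append((match["pkg"], match["installer"]))
    return sorted(flagged)


# Constructed sample output; package names are placeholders, not real indicators.
SAMPLE_PM_OUTPUT = """\
package:com.example.mail  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.example.thirdpartystore

unrelated shell noise
"""

if __name__ == "__main__":
    for pkg, installer in find_untrusted_installs(SAMPLE_PM_OUTPUT):
        origin = "sideloaded" if installer == "null" else f"installed by {installer}"
        print(f"review: {pkg} ({origin})")
```

Treat the installer field as a triage signal rather than proof: a flagged app still needs review, and software that already holds root on the device can tamper with what the package manager reports.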

Source: FireEye
