Android users will be well aware of the fact that the Google Play store, and their Android device, are constantly under the watchful eye of cybercriminals. Thanks to the wide usage of the Android operating system, these criminals use this in the favor and use the Google Play store to help spread their malware to unsuspecting victims.
The latest case is called Kemoge and, similar to another recent malware that affected iOS users, has its roots in China. This follows Google removing many apps from the online store that disguised themselves as legitimate applications but actually began to push out adware and, eventually, more malicious things. Some of the popular apps that were disguised as Kemoge include Smart Touch, Calculator, Talking Tom, Light Browser, Privacy Lock, Easy Locker and others including adult apps. The malware then collects information from the infected device and starts sending ads in an aggressive manner. The eight root exploits are more worrisome because the attackers can use them to download, install and launch apps on the infected device.
Once the campaign was discovered, Google set about deleting the infected applications from its online store and issued warnings to users. The infection covered a large spectrum of devices, but the root exploits are not one-to-one mapping. Furthermore, some of the root exploits are device oriented, like motochopper which targets Motorola devices, but some others are general root, like the put_user exploit, which can root unpatched devices from Samsung, HTC or Motorola.
Once the device is infected, Kemoge beings to install different components which help it gain root access. It, for example, registers MyReceiver in the AndroidManifest which invokes another component called MyService, both of which are disguised as legitimate Google code because they include Google’s com.google component prefix. This means that the device is under constant control without the victim realizing it.
As always, the best way to avoid being the victim of malware, regardless of what device you are using, is to be protected with an antivirus for Android. As we have seen before, there are many different ways that you could have your or your loved ones’ privacy or information compromised, and prevention is the best form of protection.
The post Kemoge: Google Play faces new app attack appeared first on MediaCenter Panda Security.