China-Based Mobile App Company Takes Full Control of Android Devices via Malicious Adware

A China-based mobile app promotion company has reportedly built adware that takes full control of victims' Android devices. The company has allegedly been defrauding its own clients by using this adware to force-install the applications it is paid to promote onto unsuspecting victims' handsets.

According to FireEye, the attack was built by a Chinese company named NGE Mobi/Xinyinhe. The firm claims to operate at a scale of more than $100M and has offices in Singapore and China. It repackages popular applications with malicious adware code and distributes them through unofficial Android application stores.

FireEye Labs mobile researchers discovered a malicious adware family that is spreading rapidly worldwide and allows a total takeover of an Android user's handset. Once a user installs one of these applications, the adware starts running: it collects information about the handset, sends it to a command-and-control (C&C) server, and then waits for further instructions. Mostly adult-content ads and full-screen interstitials are then shown on the user's home screen. On their own these are non-destructive but very intrusive, and they expose the user to further possible attacks.

Furthermore, the adware uses novel methods to maintain persistence and conceal its activity, including modifying the recovery script that is executed on boot, deceiving the user into allowing automatic application installation, and installing system-level services. FireEye researchers have also detected more than 300 malicious repackaged versions of legitimate Android applications being distributed, including Memory Booster, PopBird, Flashlight, Clean Master, YTD Video Downloader, and Amazon.
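As an added example (not from the article or from FireEye's report), the following Python script shows the kind of offline triage check a practitioner would run over artefacts pulled from a suspect handset with adb to look for the three persistence tricks listed above. It assumes that the boot-time recovery script on stock Android is /system/etc/install-recovery.sh and can be diffed line by line against a known-good copy from the same firmware build, that "automatic application installation" corresponds to the Unknown sources setting (the Settings.Secure key install_non_market_apps on the Android versions this campaign targets), and that system-level services show up as extra packages on the /system partition in `pm list packages -f -s` output. The sample script contents, setting value, package list and the file and package names in them are constructed for the example, not real indicators.

```python
# Added example: offline triage of adb-pulled artefacts for the persistence
# techniques the adware is described as using. All sample data is constructed;
# the file and package names are hypothetical.
import re


# Assumption: stock Android's boot-time recovery script is
# /system/etc/install-recovery.sh, a short applypatch wrapper, so lines that are
# present on the device but absent from a known-good copy of the same firmware
# build are worth a close look.
def recovery_script_additions(current: str, baseline: str) -> list:
    """Return non-empty lines in the pulled script that are not in the baseline."""
    base = {ln.strip() for ln in baseline.splitlines() if ln.strip()}
    return [ln.strip() for ln in current.splitlines()
            if ln.strip() and ln.strip() not in base]


# Assumption: on Android 2.3.4 to 5.1.1 the "allow installation of apps from
# unknown sources" switch is stored as install_non_market_apps in
# Settings.Secure; the value "1" means enabled.
def unknown_sources_enabled(setting_value: str) -> bool:
    return setting_value.strip() == "1"


# One line of `pm list packages -f -s` output: package:<apk path>=<package name>
PM_LINE = re.compile(r"^package:(?P<path>\S+?)=(?P<pkg>\S+)$")


def unexpected_system_packages(pm_output: str, factory_packages: set) -> list:
    """Return (apk path, package name) pairs for system-partition apps that
    are not in the factory baseline for this device model."""
    found = []
    for line in pm_output.splitlines():
        m = PM_LINE.match(line.strip())
        if m and m.group("pkg") not in factory_packages:
            found.append((m.group("path"), m.group("pkg")))
    return found


def triage(recovery_current: str, recovery_baseline: str,
           unknown_sources_value: str, pm_output: str,
           factory_packages: set) -> dict:
    """Combine the three checks into one verdict for the analyst."""
    additions = recovery_script_additions(recovery_current, recovery_baseline)
    extra = unexpected_system_packages(pm_output, factory_packages)
    return {
        "recovery_script_modified": bool(additions),
        "recovery_script_additions": additions,
        "unknown_sources_enabled": unknown_sources_enabled(unknown_sources_value),
        "unexpected_system_packages": extra,
        "suspicious": bool(additions) or bool(extra),
    }


# --- constructed sample data (hypothetical names, not real indicators) ---
BASELINE_RECOVERY = """#!/system/bin/sh
if ! applypatch -c EMMC:/dev/block/platform/msm_sdcc.1/by-name/recovery:8192:0123456789abcdef0123456789abcdef01234567; then
  applypatch -b /system/etc/recovery-resource.dat EMMC:/dev/block/platform/msm_sdcc.1/by-name/boot:8192:fedcba9876543210fedcba9876543210fedcba98 EMMC:/dev/block/platform/msm_sdcc.1/by-name/recovery 0123456789abcdef0123456789abcdef01234567 8192 && log -t recovery "Installing new recovery image"
else
  log -t recovery "Recovery image already installed"
fi
"""
# Pulled copy with one appended line that launches an extra script at boot.
PULLED_RECOVERY = BASELINE_RECOVERY + "/system/bin/sh /system/etc/.bootsvc.sh &\n"

PULLED_SETTING = "1\n"  # output of: settings get secure install_non_market_apps

FACTORY_PACKAGES = {"com.android.settings", "com.android.phone",
                    "com.android.systemui"}
PULLED_PM = """package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
package:/system/app/BootSvc.apk=com.example.bootsvc
"""

if __name__ == "__main__":
    result = triage(PULLED_RECOVERY, BASELINE_RECOVERY, PULLED_SETTING,
                    PULLED_PM, FACTORY_PACKAGES)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The baseline copies should come from a factory-fresh device with the same build fingerprint, because install-recovery.sh and the set of preloaded system apps vary by model and firmware. An appended line or an unknown /system package is grounds for taking a full image of the device for forensic analysis; it is not by itself attribution to this particular adware family.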

The adware campaign was first observed in August and has grown at a steady rate since then. So far the adware has been seen on Android versions ranging from 2.3.4 to 5.1.1, with the most infected users in China, Argentina, Spain, Germany, Saudi Arabia, India, Russia, Brazil, Egypt, Indonesia, Norway, the United States, Sweden, France, and the United Kingdom.

By taking control of mobile devices through its adware, NGE Mobi/Xinyinhe can guarantee downloads of the applications it is paid to promote. It also generates advertising revenue by serving ads through its total control of the user's handset.

Tags
Android, Android apps

© 2024 VCPOST.com All rights reserved. Do not reproduce without permission.
