Another Android malware attack has been spotted. FireEye researchers reported that the malicious adware blasts the user's phone with a flood of ads.
Known as Kemoge, the malware poses as one of many harmless apps. After being installed, the software starts to root itself on the phone and starts to serve ads even if the phone stays on the home screen.
The Android malware can be caught on the phone by downloading and installing some of the infected apps. Attackers have uploaded their modified clones of apps on different websites.
Users can install these infected apps without knowing that they are modified versions. Most of the apps are just duplicates of already existing apps on the Play Store. However, the modified apps can only be installed through unofficial channels and sites.
Some of the compromised duplicate apps are Sex Cademy, Privacy Lock, ShareIt, Kiss Browser, and even the popular Talking Tom 3, according to ZD Net. Users are advised not to install apps outside the Google Play Store as they may already be modified to contain malicious code.
Kemoge evades detection by running a malicious code continuously at startup for up to 24 hours. Besides pestering the user with ads, the Android malware also drops eight root exploits that can allow the attackers to remotely take control of the device.
What's worse is that the Android malware collects the device's IMEI and IMSI numbers. The data is then sent to a remote CnC server, according to PC World. Other information regarding the installed apps and storage are also collected.
The remote CnC server can then send malicious code to execute. Kemoge can install any app, uninstall the user's apps or even launch an app. This means that apps can start to appear or disappear without the user's input.
To avoid downloading the Android malware, suspicious links should not be opened. In addition, apps should not be installed if it's not from the official Google Play store, according to FireEye.
Android has already taken a beating with the previous Stagefright vulnerability. Now, the Kemoge Android malware has dealt another blow to its security reputation.
Join the Conversation