Thursday, 8 October 2015

Kemoge Adware: Aggressive Android Adware Trying To Rooten Devices


There is a new instance of aggressive Android adware discovered spreading via unofficial app stores and tries to Android devices through various vulnerabilities to 'rooting'. Although for years advised by experts and security to only download apps from official app stores, there are still users who use so-called "third party" app stores.

The now discovered Kemoge-adware poses as many different apps. The makers have taken the original apps and features the adware. Then placed the packaged apps in the unofficial app stores. Once active adware makes use of eight different exploits to get onto the phone via known vulnerabilities root privileges. The app collects all kinds of information from the device and lets see ads everywhere, even on the Android home screen. The name given to the malicious Adware family is because of its command and control (C2) domain:aps.kemoge.net.


Then the adware makes contact with a command-and-control server and wait for further instructions. The server can install any apps on the infected device, uninstalling or starting. The adware is found worldwide, says security firm FireEye. To avoid infection, users advised never to click on suspicious links in emails, text messages or advertisements. No apps outside the official app store to install, and finally to keep the Android device up to date. This is to prevent malicious apps to the device via known vulnerabilities can rooting.

No comments:

Post a Comment