Οits researchers Kaspersky detected an application Trojan which intimidates users with unsolicited ads and facilitates the installation of applications for online shopping - deceiving both users and advertisers. This malicious application "visits" smartphone app stores, "downloads" and launches applications and leaves false reviews on the part of the user, all without the knowledge of the owner of the device.
As winter discounts approach, both consumers and brands need to be on the lookout. When choosing stores, users rely heavily on reviews, while retailers increase their promotion and advertising budgets. As it turns out, no one can have complete confidence in what they see on the internet, as a new Trojan application enhances ratings and installations of popular online shopping applications and spreads numerous ads that can annoy users.
The Trojan, with Title "Shopper", Attracted the attention of researchers after the extensive use of its accessibility service Google. The service allows users to set a voice to read the contents of the application and automate interaction with the user interface - designed to help people with disabilities. However, in the hands of attackers this operation poses a serious threat to the owner of the device.
Once licensed to use the service, the malware can have almost unlimited opportunities to interact with the system interface and applications. It can record data displayed on the screen, press buttons, and even simulate user movements. It is not yet known how the malicious application spreads, however, its researchers Kaspersky assume that it can be downloaded by device owners from fraudulent ads or third-party app stores, while trying to download a legitimate app.
The application disguises itself as a system application and uses a system icon named "Conpapks”To be hidden from the user. After the screen is unlocked, the application is launched, which collects information about the victim's device and sends it to the attacker's servers. The server returns the commands to be executed by the application. Depending on the commands, the application can:
- Use a device owner's Google or Facebook account to sign up for popular shopping and entertainment applications, including AliExpress, Lazada, Zalora, Shein, JOOM, Likee, and Alibaba.
- Leave app reviews on Google Play on behalf of the device owner.
- To control its rights of use Accessibility Service. If no right is granted, it sends a phishing request to them.
- To disable The Google Play Protection, a feature that performs a security check on applications from the Google Play Store before downloading them.
- Open links received from the remote server in an invisible window and hide from the application menu after unblocking a series of screens.
- Display ads when it unlocks the device screen and tags ads in the app menu.
- Open and download ads on Google Play.
- Replace the tags of the installed applications with the tags of the advertised pages.
As he said Igor Golovin, Kaspersky Malware Analyzer.
At the moment, this malicious application focuses on retail, but its capabilities allow attackers to spread fake information through users' social media accounts and other platforms.
For example, it could automatically share videos containing anything the operators behind Shopper wanted on personal user account pages and simply flood the internet with unreliable information.
To reduce the risk of malware infection, users are advised to do the following:
- Beware of applications that require the use of the accessibility service if it is not in the application specifications to be used with this feature.
- Always check application permissions to see what your installed applications are allowed to do.
- Do not install applications from unreliable sources, even if they are actively advertised, and prevent the installation of programs from unknown sources in your smartphone settings.
- Use a trusted security solution for mobile devices such as Kaspersky Internet Security for Android.
[the_ad_group id = ”966 ″]
ΜDo not forget to join (register) in our forum, which can be done very easily by the following button…
(If you already have an account in our forum you do not need to follow the registration link)
Follow us on Telegram!
