Monday, November 4, 2024
HomeMalwareMalicious Android ads leads to Automatically Download and Install Apps that Contain...

Malicious Android ads leads to Automatically Download and Install Apps that Contain Malware in Android Devices

Published on

Malware protection

Malicious Android Apps are growing rapidly and it used to target victims in Many ways. Spreading Malware through malvertising campaign in Popular Forum Leads to automatically downloading Android apps by advertisements posted on forums.

This malvertising campaign Found in on of the Forum called “GodLikeProductions,” where used Reported about automatically apps are downloading when users visit the Forum.

Forums Hosts have randomly removed the visitors Complaints messages about this Malicious Advertisement which leads to Download the Malware Apps.

- Advertisement - SIEM as a Service
Also Read A Malvertiser called “RoughTed” Bypass Ad-blocker and Get Half a Billion visits in 3 Months
Malicious Android ads leads to Malware auto Installation

Malicious Downloaded APK from Forum

Researchers From zscaler Discovered, the APK file called “ kskas.Apk,”  and the App name Mentioned as “Ks Clean,” which used to Automatically downloaded form the  “GodLikeProductions,”   forum.

Once this APK Automatically installed into victims Android Device, its asked to update the used by Displaying te fake system update pop-up.

This system updates popup only option presented to the user is to select the “OK” button, forcing the user to accept the message.

Also Read Beware: Malicious Payload “Hworm” Dropped Through Embedded Youtube Video’s
Malicious Android ads leads to Malware auto Installation
Malicious Android ads leads to Malware auto Installation

Once Victims Pressed the “OK” Button, its promote into installing another Malicious APK file called “UPDATE”  This APK is stored locally inside the assets directory of the app. Once installed, the Update app immediately asks for Admin rights.

Malicious Android ads leads to Malware auto Installation

According to the Zscaler,”Once the app gains admin rights, it becomes impossible to remove it from the device. The traditional “Uninstall” option, by default, becomes disabled, because a user cannot remove apps with admin rights. Usually, one can uninstall such apps by first removing admin privileges via settings, but this app uses an unconventional method — registering as an Android receiver — to preserve its admin privileges.”

This malicious App Stats that, Once Victims tried to uninstall this app, suddenly phone gets locked for few seconds.

Some other suspicious activities, including:

  • Mount/Unmount filesystems
  • Read/Write bookmarks history
  • Overlay system window
  • Write Settings
  • Download Without Notification
AlsoRead 200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy...

Russian Hackers Attacking Ukraine Military With Malware Via Telegram

Researchers discovered a Russian-linked threat actor, UNC5812, utilizing a Telegram persona named "Civil Defense....

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...