Sunday, July 14, 2024
EHA

Malicious Android ads leads to Automatically Download and Install Apps that Contain Malware in Android Devices

Malicious Android Apps are growing rapidly and it used to target victims in Many ways. Spreading Malware through malvertising campaign in Popular Forum Leads to automatically downloading Android apps by advertisements posted on forums.

This malvertising campaign Found in on of the Forum called “GodLikeProductions,” where used Reported about automatically apps are downloading when users visit the Forum.

Forums Hosts have randomly removed the visitors Complaints messages about this Malicious Advertisement which leads to Download the Malware Apps.

Also Read A Malvertiser called “RoughTed” Bypass Ad-blocker and Get Half a Billion visits in 3 Months
Malicious Android ads leads to Malware auto Installation

Malicious Downloaded APK from Forum

Researchers From zscaler Discovered, the APK file called “ kskas.Apk,”  and the App name Mentioned as “Ks Clean,” which used to Automatically downloaded form the  “GodLikeProductions,”   forum.

Once this APK Automatically installed into victims Android Device, its asked to update the used by Displaying te fake system update pop-up.

This system updates popup only option presented to the user is to select the “OK” button, forcing the user to accept the message.

Also Read Beware: Malicious Payload “Hworm” Dropped Through Embedded Youtube Video’s
Malicious Android ads leads to Malware auto Installation
Malicious Android ads leads to Malware auto Installation

Once Victims Pressed the “OK” Button, its promote into installing another Malicious APK file called “UPDATE”  This APK is stored locally inside the assets directory of the app. Once installed, the Update app immediately asks for Admin rights.

Malicious Android ads leads to Malware auto Installation

According to the Zscaler,”Once the app gains admin rights, it becomes impossible to remove it from the device. The traditional “Uninstall” option, by default, becomes disabled, because a user cannot remove apps with admin rights. Usually, one can uninstall such apps by first removing admin privileges via settings, but this app uses an unconventional method — registering as an Android receiver — to preserve its admin privileges.”

This malicious App Stats that, Once Victims tried to uninstall this app, suddenly phone gets locked for few seconds.

Some other suspicious activities, including:

  • Mount/Unmount filesystems
  • Read/Write bookmarks history
  • Overlay system window
  • Write Settings
  • Download Without Notification
AlsoRead 200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack
Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles