Friday, March 29, 2024

Android Devices Infected with Undeletable Adware that Sits on System Partition

Researchers observed that 14.8% of all Android users attacked by malware or adware still have infection left in the system partition.

The problem is because of smartphones or tablets sold by certain brands in the lower segment contain malicious ad codes embedded in the firmware of the device.

Two main Strategies of Undeletable Adware

For Android devices, the most common malware is Lezok and Triada. They get directly embedded in key library “libandroid_runtime” that used by every app.

“A system partition infection entails a high level of risk for the users of infected devices, as a security solution cannot access the system directories, meaning it cannot remove the malicious files,” researchers said.

  • The malware gains root access on the device and installs adware in the system partition.
  • The code for displaying ads (or its loader) gets into the firmware of the device even before it ends up in the hands of the consumer.

The number of affected users varies between 1 to 5 percent of users with low-cost devices and reaches 27 percent in extreme cases.

Wide range of threats Observed

The Agent trojan is obfuscated and hides behind the GUI of the system or setting utility and delivers the payload that runs arbitrary files on the device.

Next, the Sivu Trojan which masquerades as an HTMLViewer app has two modules one uses root permission to push notifications and the second one is the backdoor allowing remote control of the smartphone.

The Plague adware is another type that calls itself as Android services and installs apps to show ad notifications.

Trojan Agent.pa mimic as CIT TEST app communicates with C&C server to run apps, open URLs, download and run arbitrary DEX files, install/uninstall apps, show notifications, and start services.

Penguin, Necro, Facmod, Guerrilla, Virtualinst and Secreted, or some other malware that often resides in the system partition.

“Some smartphones contain adware modules pre-installed by the manufacturers themselves. A few vendors openly admit to embedding adware under the hood of their smartphones; some allow it to be disabled, while others do not, describing it as part of their business model to reduce the cost of the device for the end-user,” reads Kaspersky statement.

This research shows that some mobile device sells the phones with built-in ad scripts to maximize the profit which causes inconvenience to the device owners. The pre-installed advertising scripts are hard to remove without damaging the system.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Read More

Top 5 Best Adware Removal Tool to Block Annoying Ads in 2019

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles