By -
KEMOGE -- A LATEST ANDROID MALWARE TO ROOT ANY ANDROID PHONE






Google Android has been a primary concern of the attackers. Counting from a simple text message that could hack an Android phone remotely to the Stagefright bug making Billion users vulnerable.
Now, the latest is the 'Kemoge Malware' that has made its debut as an Adware on the Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of it.
Security researchers from FireEye Labs have discovered that Kemoge malicious adware family is spreading in 20 countries around the globe. Also, the origin of the Adware's attack is suspected from China.

What is Kemoge?

The name given to the malicious Adware family is because of its command and control (C2) domain: aps.kemoge.net.
Kemoge is an Adware in the disguise of popular Apps; it has circulated in such numbers because it takes the name of popular apps and repackages them with the malicious code and make them available to the user.
They even use the same developer name, as used by the verified and clean apps on the official Play Store.
Some of the popular apps getting affected are:(Image)
  • Talking Tom 3
  • Calculator
  • Shareit
  • Assistive Touch
  • WiFi Enhancer

How does Kemoge Work?

root-android-phone
  1. The attacker sets up a genuine looking interface and uploads the apps to third-party app stores and plays smart by promoting the download links via websites and in-app advertisements.
  2. Some aggressive ad networks gaining root privilege can also automatically install the samples.
  3. Once activated on the device, Kemoge collects device information and uploads it to the ad server, then it slyly serves ads from the background.
  4. Victims get ad banners frequently regardless of the current activity as ads even pop-up when the user remains on the Android home screen.
"Initially Kemoge is just annoying, but it soon turns evil," said FireEye researchers.

Kemoge even Affects Rooted Devices

The malicious adware injects eight root exploits to root phones, targeting a wide range of device models.
Some of the exploits are compiled from open source projects whereas some come from the commercial tool "Root Dashi" (or "Root Master").
"After gaining root, it executes root.sh to obtain persistency," FireEye researchers said. "Afterwards, it implants the AndroidRTService.apk into /system partition as Launcher0928.apk -- the filename imitates the legit launcher system service. Moreover, the package name of this apk also looks like authentic services, e.g. com.facebook.qdservice.rp.provider and com.android.provider.setting."
Moreover, the malicious system service ( Launcher0928.apk) contacts aps.kemoge.net for commands.

How does Kemoge Evade Detection?

To evade detection, Kemoge communicates with the server at various time intervals. The malware runs malicious code briefly at the first launch or 24 hours after installation.
In each enquiry, Kemoge sends the data including phone's IMEI, IMSI, storage information, and installed app information to a remote third-party server.
After uploading the device's information, the malware asks commands from the server, which reverts with a command out of following three domains and the malicious system service executes it. The commands are:
  1. Uninstall designated applications
  2. Launch designated applications
  3. Download and Install applications from URLs given by server
FireEye researchers conducted their research on Nexus 7 running Android 4.3 (JellyBean). While experimenting, the server commanded the device, such that it uninstalled the legitimate apps and made the device filled with malicious codes.

How to Protect Against Kemoge?

Kemoge is a dangerous threat and to stay safe you are advised to:
  • Never click on any suspicious links from emails, SMS, websites, or advertisements.
  • Never install apps outside of the official App Store.
  • Keep your Android devices up-to-date in order to avoid being rooted by public known vulnerabilities (Upgrading device to the latest version of OS provides some security but doesn't always guarantee protection).
  • Uninstall the app showing Ads.
To know more about Kemoge, follow FireEye's official blog. Also, if you faced any such issues with your Android device, then identify the app supplying malicious Adware to you and let us know in the comment below.
source: thehackernews

Comments

Post a Comment

Popular posts from this blog

8 Key Tips That Every Single Cryptocurrency Trader Needs to Know

By -
Image
Even though we’re now several years into cryptocurrency becoming somewhat mainstream, although the hype has worn off, the digital, decentralized monetary format is still very much a big earner for people around the world, more commonly known as cryptocurrency traders. As a cryptocurrency trader yourself, you’ve probably witnessed the highs and lows of the market yourself, or even if you’re just getting started, you’ll look for the best way to make a start. With this in mind, today we’re going to help you get going. Below, we’re going to explore eight essential need-to-know tips to help you make the most in your cryptocurrency trading career, ensuring you have the best and most profitable experience. #1 – It’s Just Getting Started Although lots of people have heard of Bitcoin or might have seen it on the news, it’s not fully integrated into society just yet, and there’s only a real minority of people out there who actually use cryptocurrencies daily. That means there’s so much roo...
Read more

Bitcoin Price Touches $5,500 as Uptrend Remains in Place

By -
Image
In the volatile world of cryptocurrency, everything stands or falls with Bitcoin. While altcoins may show some independent momentum now and then, it won’t fool experienced traders in the slightest. As of right now, the Bitcoin price is moving up ever so slightly, as the $5,500 level has come into play again. Can the Bitcoin Price Sustain the Growth? To date, it has been a rather interesting year for Bitcoin in many different ways. After overcoming a major price retrace, it would appear the world’s leading cryptocurrency is moving in the right direction again. Although the $5,600 level might not necessarily be retaken this week, it seems unlikely a drop below $5,000 will materialize, which is what most people are interested in. Over the past 24 hours, the Bitcoin price has gained 2.08%, which is more than respectable. This gain allowed the BTC value to briefly surpass $5,500 again, although it seems likely that will remain a level of contention for some time to come.  It i...
Read more

Over 20% of Institutional Investors Already Exposed to Cryptos, Survey by Fidelity Reveals

By -
Image
22 percent of institutional investors already have exposure to digital assets. This is according to a new report by Fidelity Investments, one of the largest asset managers in the world. The report goes against many crypto skeptics who have been quick to state that institutions are no longer interested in digital assets. The survey polled 441 institutional investors between November last year and February this year. Interestingly, this was a time in which cryptos hit their lowest levels. Nevertheless, institutional investors remained unfazed, with interest in digital assets never really dwindling. Tom Jessop, the president of Fidelity’s digital assets division explained, “We never saw a decline in interest or sentiment during the crypto winter.” The survey revealed that 47 percent of institutional investors view digital assets as “having a place in their portfolios.” The investors, who include crypto funds, also disclosed their preferred investment methodology. 72 percent prefer to...
Read more