Cybersecurity firm FireEye has discovered another mobile malware threat that has already established presence in over 20 countries.
Named Kemoge, the malware is capable of flooding infected devices with unwanted advertisements. The malware is seeded in what look like legitimate apps that are being offered on third-party app stores, with users being tricked into installing the Kemoge-containing apps through advertisements.
"This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat," wrote FireEye's Yulong Zhang.
The attackers upload the infected apps on third-party app stores and then promote downloading them through various websites and in-app advertisements. Some of the more aggressive advertising networks that are able to gain root privilege can also install samples automatically.
On the first launch of the infected app, Kemoge is able to collect the information of the device and then uploads the data to an ad server. The data that the malware collects includes the device's IMSI, IMEI and storage information.
Kemoge will when bombard the user with advertisements, with users seeing ad banners periodically no matter what they are doing. The advertisements will even appear if the user remains on the home screen of their Android device.
According to FireEye, the infected apps attempt to avoid being detected as such by only running the malicious code for a short time upon launch or after 24 hours of being installed.
It has also been reported that the log files from the infected devices reveal that Kemoge is allowing the apps to gain root access.
The infected apps containing Kemoge are sneaking through some users because hackers have repackaged the apps with the same names and icons of safe Android apps such as Calculator, Light Browser and Talking Tom 3.
As with previous kinds of malware that have been detected, users are recommended not to install apps from third-party app stores, as they have not been verified by Google. Downloading apps such as Calculator, Light Browser and Talking Tom 3 on the Google Play Store should be fine, but downloading these apps anywhere else would put users and their devices at risk from malware such as Kemoge.
