Are you an Android user? Be careful of this new malware!

If you’re an Android user then there is a new threat to be aware of – the Kemoge malware. It’s currently spreading fast and victims have been found across more than 20 countries – and not just individuals but large corporates and even governments too.

How does it work?

Infected apps are offered through third-party app stores that have little malware protection, and users are targeted with adverts pushing these apps with promises of all sorts of rewards and promotions. Once the app is downloaded, it collects local information from the device and begins aggressively pushing adverts based on the data it finds. The device information it collects, such as the IMSI, IMEI and storage information, can be uploaded to an ad server.

What’s the worst thing about it?

The malware carries eight root exploits that give an attacker all sorts of access to an infected device, such as uninstalling antivirus software and downloading and launching other malicious software on the device. This opens the door for more aggressive and more dangerous apps to gain access to the device.

Is it widespread?

Yes. One particular application laced with Kemoge has already been downloaded 100,000-500,000 times on Google’s Play Store before it was pulled from the shop.

How would it appear?

Initially, the barrage of annoying adverts would alert an Android user to the fact that there might be an issue, particularly if they are very closely targeted. Once the app has uploaded data to an ad server, the user will continue to see these adverts even outside of the app or when they are doing something on the home screen.

Is it easy to detect?

No. In fact, it continuously tries to avoid detection by not communicating with its server, and it only asks for commands during the first 24 hours after it has been installed.

How do you avoid it?

There are three simple ways to avoid getting infected. The first is to avoid downloading anything from a third-party app store; WiFi Enhancer, Calculator and Talking Tom 3 are three of the apps that have been found to be affected. The second is simply not to click on links that appear suspicious or originate from a non-trusted source. The third is to install a mobile security solution. Infrastructure and security management are key to all aspects of business, especially mobile, and an investment in this can help avoid the cost of clean-up and the consequences of compromised security.