New Malicious Adware from China, 'Kemoge,' Discovered Attacking Android Devices
A new malicious adware, allegedly from China and dubbed the "Kemoge," has been discovered attacking Android devices in over 20 countries around the world.
Researchers from American security firm FireEye Labs have recently pinpointed a new type of malicious adware bundled in repackaged apps available from third party stores, which attacks by completely taking over devices it infects.
Named "Kemoge" after the command and control server kemoge.net where it was originally traced from, the adware is believed to have been "written by Chinese developers or controlled by Chinese hackers," and is currently being spread across Android devices on a global scale, representing a significant threat to mobile security.
Get Our Latest News for FREE
"Kemoge" hackers upload infected popular apps to third party app stores and promote these apps via ad networks that themselves infect users' devices when they are installed online.
FireEye named some of the repackaged ads, which include Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, ShareIt, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enchancer, and Light Browser.
The infected ad networks immediately access and gain root privileges in an infected device, and automatically install malware. Aggressively collecting the device's information, "Kemoge" then uploads it to a server where it begins to serve ads that choke the infected device's home screen.
"Kemoge" also uploads a multiple-encrypted .zip file made to look like an .mp4 file, which then decrypts, and unloads eight root exploits, which further infiltrates the device's system, transmitting installed app info, storage info, IMSI, and IMEI to the remote server of kemoge.net.
The server then sends a commands for "Kemoge" to uninstall the infected device's anti-virus apps, as well as launch, download, or install apps that can be used to further attack the device.
FireEye issued warnings to Android device users not to click on suspicious links, whether from SMS, emails, ads, or websites, or install apps not found in official app stores. Users should also keep their devices updated, and upgrade to the latest OS version for their device to provide some measure of security.
According to FireEye, the kemoge.net server currently remains up and running.
