There’s a new Android Malware that is forcing it’s way on to user’s phones.
Security researchers at Zscaler has discovered a new type of adware Android malware that downloads itself onto users phones. Luckily, this malware has only been spotted in one place, but we can expect this type of attack will be used again. For now, the malware can be found on site. The site is the Godlike Productions forum, (link purposely not provided).
Advertisements located on the site will auto download the malware APK to user’s phones. For the malware to begin it’s attack, the user needs to actually launch the app. Once launched, the app appears to be an Android cleaner app by the name of Ks Clean. But there is no cleaning going on. Instead, the app provides a fake popup titled “Update”. This popup only has the option for “ok” and there is no way for the user to back out. Once they hit the ok button, the app downloads a second app, which not surprisingly asks for admin access. The malware then begins to display ads on the user’s phone.
User’s that attempt to delete the app will find it not so easy. In order to uninstall the app, admin rights need to first be revoked, but the app has a trick up it’s sleeve. Each time the user attempts to remove the admin rights from the app, the app freezes the phone for a few seconds, making it impossible.
The forum which the malware is being distributed, has been found ignoring or even deleting topics where users are complaining about the forced download of the apps on to their phones.
Zscaler recommends that users disable auto-download in all mobile browsers and ensure the ability to download apps from unknown sources is turned off.