Kemoge: A Vicious New Malware That Could Take over Your Android Device
A new malicious adware family dubbed “Kemoge” has been found operating in the wild by security researchers. It is spreading quickly worldwide, and it allows the complete compromise and takeover of the targeted Android device.
Security researchers at FireEye have uncovered a new Android malware that is aggressively spreading and infecting Android devices around the world. Victims have already been identified in 20 countries, and they include big corporations and industries as well as governments.
The malware has turned up in countries such as the U.S., China, Singapore, Indonesia, Russia, England, and France.
The complete account of the FireEye researchers’ findings is published in a FireEye blog post.
Popular applications that have been repackaged with Kemoge include:
- Smart Touch
- Talking Tom
- Light Browser
- Easy Locker
- Privacy Lock
- Various adult applications.
Among other behavior, one Kemoge sample was able to uninstall the antivirus installed on the device, potentially leading to the “complete takeover” of the infected Android device.
Here’s how Kemoge works:
- Infected applications are routinely served up in third-party app stores that have little malware protection. These applications are further pushed onto users through ad promotions promising rewards.
- Once installed, the compromised application begins compromising the device by collecting local information and aggressively pushing ads based on the user’s behavior and the data stored on the device.
- It gets worse: the malware also carries up to eight root exploits, used to root a variety of Android devices, typically phones from different manufacturers.
- Those eight root exploits also grant the attacker the means to download, install and even launch other malicious applications on an infected device.
One particular Kemoge-laced application called “ShareIt”, by a developer named Zhang Long, had been downloaded between 100,000 and 500,000 times from Google’s Play Store before Google pulled it.
FireEye has notified Google of other malicious and compromised applications, which are currently being looked into.
The researchers point to the adware family being “possibly written by Chinese developers or controlled by Chinese hackers.”