Kaspersky researchers detected a Trojan application that terrorizes users with unsolicited ads and boosts installations of online shopping applications – fooling both users and advertisers. This malicious app visits smartphone app stores, downloads and launches applications and leaves fake reviews on behalf of the user, all while hiding itself from the device owner.

 

As winter sales are hitting the stores, both users and brands need to be wary. When choosing shops, users rely heavily on reviews, while retailers increase their promotion and advertising budgets. As it turns out, neither can fully trust what they see online, as a new Trojan application is boosting popular shopping app ratings and installations, and spreading numerous ads that may annoy users.

 

The Trojan, dubbed ‘Shopper’, first drew the attention of researchers following its extensive obfuscation and use of the Google Accessibility Service. The service enables users to set a voice to read out app content and automate interaction with the user interface – designed to help people with disabilities. However, in the hands of attackers this feature presents a serious threat to the device owner.

 

Once it has permission to use the service, the malware gains almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons and even emulate user gestures. It is not yet known how the malicious application is being spread; however, Kaspersky researchers assume that it may be downloaded by device owners from fraudulent ads or third-party app stores while trying to get a legitimate application.

 

The app masks itself as a system application and uses a system icon named ConfigAPKs in order to hide itself from the user. After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns the commands for the application to execute. Depending on the commands, the app can:

 

  • Use a device owner’s Google or Facebook account to register on popular shopping and entertainment apps, including AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba;

  • Leave application reviews in Google Play on behalf of the device owner;

  • Check the rights to use the Accessibility Service. If permission is not granted, it sends a phishing request for them;

  • Turn off Google Play Protect, a feature that runs a safety check on apps from the Google Play Store before they are downloaded;

  • Open links received from the remote server in an invisible window and hide itself from the app menu after the screen has been unlocked a number of times;

  • Show ads when the device’s screen is unlocked and create labels to advertised ads in the app menu;

  • Download applications from the Apkpure[.]com ‘market’ and install them;

  • Open and download advertised applications in Google Play;

  • Replace labels of installed apps with labels of advertised pages.

 

The highest share of users infected by Trojan-Dropper.AndroidOS.Shopper.a from October to November 2019 was in Russia, with a staggering 28.46% of all users affected by the shopaholic app located in the country. Almost a fifth (18.70%) of infections were in Brazil and 14.23% in India.

 

“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else. For now, the focus of this malicious app is on retail, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms. For example, it could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users’ accounts and just flood the internet with unreliable information,” says Igor Golovin, Kaspersky malware analyst.

 

Kaspersky products successfully detect and block the Shopper malware under the following detection name: Trojan-Dropper.AndroidOS.Shopper. Read more about the Shopper on Securelist.com.

 

To reduce the risk of infection by malware threats such as this one, users are advised to follow the recommendations below:

 

  • Beware of apps that require the use of the Accessibility Service, if the application isn’t meant to be used with this function

  • Always check application permissions to see what your installed apps are allowed to do

  • Do not install applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone’s settings

  • Use a reliable mobile security solution, such as Kaspersky Internet Security for Android, that can help identify potentially dangerous or questionable requests made by the downloaded application, and explain the risks associated with different types of common permissions
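The first three recommendations can be checked on a device over adb. The script below is an added example, not part of the original article or any Kaspersky tooling: it lists enabled accessibility services whose package was not installed by a trusted store. The trusted-installer set, the allowlist parameter and the sample package names are assumptions made for illustration.

```python
# Added example (not from the original article): list enabled accessibility
# services whose owning package did not come from a trusted installer.
# Feed it the text output of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_services(raw):
    """Split the colon-separated setting into (package, service_class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: no services enabled
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if cls.startswith("."):           # expand shorthand ".Svc" to "pkg.Svc"
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs

def parse_installers(raw):
    """Map package -> installer (None if absent or 'null') from `pm list packages -i`."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip()[len("package:"):].split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field.split("=", 1)[1]
        installers[fields[0]] = installer
    return installers

def audit(services_raw, packages_raw, allowlist=frozenset()):
    """Return (package, service, installer) for services needing manual review."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, cls in parse_services(services_raw):
        installer = installers.get(pkg)
        if pkg not in allowlist and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, installer or "unknown"))
    return findings

# Constructed sample output; both package names below are hypothetical.
SAMPLE_SERVICES = "com.example.reader/com.example.reader.ReadAloudService:com.example.sideloaded/.SyncService"
SAMPLE_PACKAGES = """package:com.example.reader  installer=com.android.vending
package:com.example.sideloaded  installer=null
"""
```

Preinstalled system apps may report no installer, so pass the packages you have verified as the `allowlist` argument rather than widening `TRUSTED_INSTALLERS`.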

