Kaspersky researchers detected a Trojan application that terrorizes users with unsolicited ads and boosts installations of online shopping applications – fooling both users and advertisers. This malicious app visits smartphone app stores, downloads and launches applications and leaves fake reviews on behalf of the user, all while hiding itself from the device owner.

 

As winter sales are hitting the stores, both users and brands need to be wary. When choosing shops, users rely heavily on reviews, while retailers increase their promotion and advertising budgets. As it turns out, neither can fully trust what they see online, as a new Trojan application is boosting popular shopping app ratings and installations, and spreading numerous ads that may annoy users.

 

The Trojan, dubbed ‘Shopper’, first drew the attention of researchers following its extensive obfuscation and use of the Google Accessibility Service. The service enables users to set a voice to read out app content and automate interaction with the user interface – designed to help people with disabilities. However, in the hands of attackers this feature presents a serious threat to the device owner.

 

Once it has the permission to use the service, the malware can gain almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons and even emulate user gestures. It is not known yet how the malicious application is being spread, however Kaspersky researchers assume that it may be downloaded by device owners from fraudulent ads or third-party app stores while trying to get a legitimate application.

 

The app masks itself as a system application and uses a system icon named ConfigAPKs in order to hide itself from the user. After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns the commands for the application to execute. Depending on the commands, the app can:

 

  • Use a device owner’s Google or Facebook account to register on popular shopping and entertainment apps, including AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba;

  • Leave application reviews in Google Play on behalf of the device owner;

  • Check the rights to use the Accessibility Service. If permission is not granted, it sends a phishing request for them;

  • Turn off Google Play Protect, a feature that runs a safety check on apps from the Google Play Store before they are downloaded;

  • Open links received from the remote server in an invisible window and hide itself from the app menu after a number of screens are unblocked;

  • Show ads when unblocking the device’s screen and create labels to advertised ads in the app menu;

  • Download applications from the Apkpure[.]com ‘market’ and install them;

  • Open and download advertised applications in Google Play;

  • Replace labels of installed apps with labels of advertised pages

 

The highest share of users infected by Trojan-Dropper.AndroidOS.Shopper.a from October to November 2019 was in Russia, with a staggering 28.46% of all users affected by the shopaholic app located in the country. Almost a fifth (18.70%) of infections were in Brazil and 14.23% in India.

 

“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else. For now, the focus of this malicious app is on retail, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms. For example, it could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users accounts and just flood the internet with unreliable information,” says Igor Golovin, Kaspersky malware analyst.

 

Kaspersky products successfully detect and block the Shopper malware under the following detection name: Trojan-Dropper.AndroidOS.Shopper. Read more about the Shopper on Securelist.com.

 

To reduce the risk of infection by malware threats such as this one, users are advised to follow the recommendations below:

 

  • Beware of apps that require the use of the Accessibility Service, if the application isn’t meant to be used with this function

  • Always check application permissions to see what your installed apps are allowed to do

  • Do not install applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone’s settings

  • Use a reliable mobile security solution, such as Kaspersky Internet Security for Android, that can help identify potentially dangerous or questionable requests made by the downloaded application, and explain the risks associated with different types of common permissions


RECOMMENDED ARTICLE FOR TECHWORLD


 
Team Group Leads Industry with MoStash Reader for iOS and the WC0C Charging Cable with 3-in-1 Connector
Techworld Date Posted: 8 September 2017 1:29 PM | 207 Views
September 7th, 2017, Taipei, Taiwan - Team Group is continuously dedicated to satisfying the needs of our consumers in every aspect so today Team Group announces the latest mobile peripherals with rich features with.... See More
 
Team Group Leads Industry with MoStash Reader for iOS and the WC0C Charging Cable with 3-in-1 Connector
Techworld Date Posted: 1:29 PM | 207 Views
September 7th, 2017, Taipei, Taiwan - Team Group is continuously dedicated to satisfying the needs of our consumers in every aspect so today Team Group announces the latest mobile peripherals with rich features with...See More

 
Lenovo launches new IdeaPad and YOGA ultrabooks in the Philippines
Techworld Date Posted: 23 September 2019 10:10 AM | 652 Views
Lenovo launches new IdeaPad and YOGA ultrabooks in the Philippines. See More
 
Lenovo launches new IdeaPad and YOGA ultrabooks in the Philippines
Techworld Date Posted: 10:10 AM | 652 Views
Lenovo launches new IdeaPad and YOGA ultrabooks in the PhilippinesSee More

 
Smart Widens Lead in Overall Mobile Data Download Speeds – OpenSignal
Techworld Date Posted: 1 June 2018 9:00 AM | 223 Views
PLDT wireless subsidiary Smart Communications, Inc. has almost doubled its overall mobile data download speeds over the past year largely because of improved LTE availability and speeds, according to a just-released analysis by independent.... See More
 
Smart Widens Lead in Overall Mobile Data Download Speeds – OpenSignal
Techworld Date Posted: 9:00 AM | 223 Views
PLDT wireless subsidiary Smart Communications, Inc. has almost doubled its overall mobile data download speeds over the past year largely because of improved LTE availability and speeds, according to a just-released analysis by independent...See More

 
Get the Best Deals for Your Family This Christmas with the PLDT Christmas 3 Bundle Promo
Techworld Date Posted: 21 December 2017 5:04 PM | 606 Views
It’s the season of gift-giving and PLDT has the perfect present for the digitally savvy and entertainment-loving Filipino families.. See More
 
Get the Best Deals for Your Family This Christmas with the PLDT Christmas 3 Bundle Promo
Techworld Date Posted: 5:04 PM | 606 Views
It’s the season of gift-giving and PLDT has the perfect present for the digitally savvy and entertainment-loving Filipino families.See More

 
Reward Yourself This Payday with Nokia Mobile’s Weekend Promos
Techworld Date Posted: 15 March 2019 4:47 PM | 211 Views
HMD Global, the home of Nokia phones, today announced its latest offering for Nokia fans, just in time for the payday weekends this March.. See More
 
Reward Yourself This Payday with Nokia Mobile’s Weekend Promos
Techworld Date Posted: 4:47 PM | 211 Views
HMD Global, the home of Nokia phones, today announced its latest offering for Nokia fans, just in time for the payday weekends this March.See More

 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 21 November 2018 1:31 PM | 78 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with.... See More
 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 1:31 PM | 78 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with...See More

Rhea Sanvictores
Edifier Unveils First Concept Store in PH
Techworld • By: Rhea Sanvictores | Date Posted: 7 December 2018 3:53 PM | 1933 Views
Premium audio solutions corporation Edifier has gone the extra mile in showcasing technological innovation and design elegance with the opening of its pioneer concept store in the Philippines. . See More
Rhea Sanvictores
Edifier Unveils First Concept Store in PH
Techworld • By: Rhea Sanvictores | Date Posted: 3:53 PM | 1933 Views
Premium audio solutions corporation Edifier has gone the extra mile in showcasing technological innovation and design elegance with the opening of its pioneer concept store in the Philippines. See More

 
Fortinet Protects Operational Technology Deployed in the Harshest Environments
Techworld Date Posted: 3 January 2018 2:43 PM | 253 Views
Fortinet® (NASDAQ: FTNT), the global leader in broad, integrated and automated cybersecurity solutions, today announced the availability of its Operational Technology (OT) Security solution for critical infrastructure and industrial organizations. See More
 
Fortinet Protects Operational Technology Deployed in the Harshest Environments
Techworld Date Posted: 2:43 PM | 253 Views
Fortinet® (NASDAQ: FTNT), the global leader in broad, integrated and automated cybersecurity solutions, today announced the availability of its Operational Technology (OT) Security solution for critical infrastructure and industrial organizationsSee More

 
Why is there a need for surveillance solutions? Synology has the answers.
Techworld Date Posted: 9 January 2019 4:57 PM | 253 Views
Video surveillance solutions are safety tools that help reduce crime and protect people and properties. Synology, as a network attached storage (NAS) vendor, provides reliable video management system through their Surveillance Station. See More
 
Why is there a need for surveillance solutions? Synology has the answers.
Techworld Date Posted: 4:57 PM | 253 Views
Video surveillance solutions are safety tools that help reduce crime and protect people and properties. Synology, as a network attached storage (NAS) vendor, provides reliable video management system through their Surveillance StationSee More

 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 26 October 2017 1:06 PM | 210 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,. See More
 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 1:06 PM | 210 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,See More


Power by

Download Free AZ | Free Wordpress Themes