Android-compatible devices make up roughly 80% of the global smartphone market. That’s certainly an enviable position to be in, particularly if you’re a shareholder, but it does make for rather a large target. A target that hackers and cyber-criminals are all too eager to hit. Over the years, Android’s operating system has fallen prey to a large number of malware attacks. Google has always been quick to respond, but it sometimes feels as if they are fighting a losing battle. As soon as one malware threat is quashed, another comes along to take its place. So, it’s not too surprising that yet another new threat has been detected. Nicknamed ‘Kemoge’, it is spreading like wildfire and has infected Android-compatible devices in more than 20 countries, including the UK and the United States.
Kemoge is a particularly aggressive malware program that appears to originate from a China-based mobile company. So far, security experts estimate that Kemoge has infected 20 different iterations of Android (from 2.3.4 to 5.1.1) and has the potential to affect more than 300 different phone models. The malware piggybacks onto a user’s device through infected third-party apps. Once installed, Kemoge collects the user’s data and uploads it to an ad server. The infected device is then bombarded with a steady stream of unwanted advertisements, up to and including pop-ups on the Android home screen.
But the malware attack doesn’t stop at simply attempting to generate revenue by force-feeding advertisements to unsuspecting Android users. Kemoge also installs eight or more root exploits that could potentially give hackers complete access to the infected device’s data systems, ultimately giving them total control of the user’s smartphone. Moreover, Kemoge actively attempts to uninstall any anti-virus apps on the device that may be used to detect the malware and remove it from the operating system.
The Dangers of Third Party Apps
FireEye, a leader in online security, has taken a closer look at Kemoge and determined it to be of Chinese origin. Analysis of the Google apps certificates associated with the infected software points to Zhang Long, a Chinese developer who has submitted other apps to the Google Play store. It is still unclear whether those certificates were faked or stolen, but either way it suggests a team of Chinese hackers is responsible for the embedding of Kemoge in popular Android apps. So far, more than a dozen apps appear to be infected, including Assistive Touch, Kiss Browser, Shareit, Privacy Lock, Talking Tom and Light Browser.
The emergence of Kemoge highlights the dangers of downloading any app from a third-party vendor. Even popular apps that may otherwise appear innocent could have malicious software embedded in the program. This is one of the preferred methods hackers use to trick people into downloading malicious software onto their devices. As a general rule, third-party vendors do not exhaustively test and vet the apps submitted to them for sale. Hackers rely on this lack of vetting to distribute their malware. Security experts suggest that people make it a habit to only download apps from reputable outlets such as Google Play and Amazon. Apps on these stores are subjected to a much greater level of scrutiny before being made available to the public, limiting the opportunities for hackers to slip malware into the purchasing pipeline.
The problem of malware being embedded in otherwise innocuous apps is not exclusive to Android, though it may sometimes seem as though it is the principal target. Apple, whose security protocols are second to none, recently experienced a similar security breach when it was discovered that a large number of their most popular apps had been faked by hackers and seeded with malicious software. It caused Apple a great deal of embarrassment, and gave them a taste of what Android has had to deal with for years. Still, as long as there are apps to be downloaded, there will be hackers that try to exploit them for their own personal gain. It is, unfortunately, the nature of the world we live in, where cyber-crime has become an all too common occurrence. As always, the best defense is diligence, and when it comes to downloading any app, be sure it is being sold by a reputable and trustworthy vendor.