October 7, 2015
Kemoge, a new piece of Android malware, won't just irritate users with relentless ads, but may also root their device, according to researchers at FireEye.
Like the recently discovered Mapin, which spread by attaching itself to Candy Crush and Plants vs. Zombies, Kemoge is propagating by packaging itself into popular, legitimate Android apps -- including security ones. Kemoge was found in Easy Locker and Privacy Lock, as well as ShareIt, Calculator, and Kiss Browser.
First, Kemoge collects device info and aggressively serves up ads, popping up ads even if the user is doing nothing but idling on the Android home screen.
However, according to the FireEye report, "Initially Kemoge is just annoying, but it soon turns evil."
Kemoge also carries root exploits -- as many as eight different exploits, crafted for compromising a variety of device models. According to the report, some of the exploits are from the commercial tool Root Dashi (also called Root Master), and others are from open-source projects. The methods include include mempodroid, motochopper, perf_swevent exploit, sock_diag exploit, and put_user exploit.
Once the device is rooted, Kemoge receives instructions from its command-and-control server to either uninstall particular apps -- including anti-virus and popular legitimate apps -- launch particular apps, or download and install apps from URLs provided by the C2 server.
The Kemoge writers uploaded their weaponized apps to third-party app stores; one altered version of ShareIt also showed up on the official Google Play store, but it only included the adware, not the root exploits and C2 functionality.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Build a Case for a Password Manager