‎Kaspersky warns users in view of winter discounts


Kaspersky researchers detected a Trojan application that deceives users with unsolicited advertisements and boosts the installation of applications for online purchases, tricking both users and advertisers.

This malicious app "visits" smartphone app stores, "downloads" and launches applications, and leaves false reviews on behalf of the user, all unbeknownst to the device owner.

As winter discounts approach, both users and brands must be on alert. When choosing stores, users rely heavily on reviews, while retailers increase promotion and advertising budgets. As it turns out, no one can have full confidence in what they see on the internet, as a new Trojan app boosts ratings and installations of popular applications for online shopping and spreads numerous advertisements that may annoy users.

The Trojan, named "Shopper", caught the attention of researchers because of its extensive use of Google's accessibility service. The service lets users set a voice to read out an application's content and automate interaction with the user interface, and is designed to help people with disabilities. However, in the hands of attackers this function poses a serious threat to the owner of the device.

Once authorized to use the service, the malware gains almost unlimited opportunities to interact with the system interface and applications. It can capture data displayed on the screen, press buttons, and even simulate user gestures.

It is not yet known how the malicious application spreads; however, Kaspersky researchers assume that device owners may download it from fraudulent advertisements or third-party app stores while trying to download a legitimate application. The application disguises itself as a system application and uses a system icon named "Conpapks" to hide from the user.

After the screen is unlocked, the application launches, gathers information about the victim's device and sends it to the attacker's servers. The server returns the commands for the application to run. Depending on the commands, the application can:

• Use a device owner's Google or Facebook account to sign up in popular shopping and entertainment applications, including AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba.

• Leave app reviews on Google Play on behalf of the device owner.

• Check whether it has permission to use the accessibility service. If permission is not granted, it sends a phishing request for it.

• Disable Google Play Protect, a feature that performs a security check on apps from the Google Play Store before downloading them.

• Open links received from the remote server in an invisible window, and hide itself from the application menu after a series of screen unlocks.

• Display ads when the device screen is unlocked and create labels for the displayed ads in the app menu.

• Open and download advertised apps on Google Play.

• Replace the labels of installed applications with the labels of advertised pages.

To reduce the risk of malware infection, users are advised to do the following:

• Be wary of applications that request use of the accessibility service when the application's stated functionality does not call for it.

• Always check the app permissions to see what your installed apps are allowed to do.

• Do not install applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone settings.

Source: Naftemporiki