As Google Play tightens their security measures on mobile apps, hackers are moving to third party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal have been found on unofficial third-party Android app stores.
image via the FireEye blog
The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate appearing apps aggressively display unwanted advertisements which seem annoying, but in the FireEye blog researcher Yulong Zhong writes, " it soon turns evil."
The fake apps gain root access and gathers device information such as the phones IMEI, IMSI, and storage information, then sends the data to a remote server.
Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.
How to protect your Android device from infection
- Only install apps from trusted stores like Google Play
- Avoid clicking on links from ads, SMS, websites, or emails
- Keep your device and apps up up-to-date
- Install protection that scans apps like Avast Mobile Security
Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.