
Kemoge: Tricky Malware Targets Android Mobile Devices

A new piece of malware brings a surge of advertisements to mobile devices and has already been targeting Android devices in over 20 countries.

This malware is called Kemoge and is quickly spreading across the globe. Kemoge was discovered by FireEye Labs, one of the leaders in cyber security and malware protection, and it was named after its command-and-control (CnC) domain, aps.kemoge.net. According to FireEye, the malware camouflages itself behind a normal or popular icon, which can deceive users into installing the app from third-party app stores.

At first, Kemoge is merely annoying, flooding the mobile device with persistent advertisements, but that is just the tip of the iceberg. According to FireEye, the first launch of the infected app triggers Kemoge to collect device information such as the IMSI, IMEI and storage information and then upload the data to an ad server. From then on, the user sees advertisements whether they are doing something outside the app or the phone is simply at the home screen.

The worst thing that Kemoge can do is offer other apps root access, as shown by the log files obtained from infected devices. This in turn allows more aggressive apps to eventually install themselves.

The tricky thing about Kemoge is that it tries to evade detection by not constantly communicating with its server, aps.kemoge.net. It is known to ask for commands only within the first 24 hours. According to ZDNet, this is the reason why users should not download anything from unofficial Android app stores. WiFi Enhancer, Calculator and Talking Tom 3 are three of the infected titles found outside of the Google Play Store.

As written by FireEye's Yulong Zhang, "This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat."

Kemoge may be deceptive and harmful malware, but it can be avoided in two basic ways. The first is not to install any app from outside the official app store, and the second is to avoid clicking any suspicious link. Those who want extra protection can install a mobile security solution from a legitimate source.

