Warning: Malicious Adware Finds New Way to Spread on Android Devices

With many organizations heavily relying on mobile computing, malicious operators have begun targeting the “low-lying fruit” of a business’ IT infrastructure, which is often a company’s mobile devices. Kemoge, a malicious adware strain designed to corrupt Android mobile operating systems, is the latest mobile threat that your business needs to protect itself against.

The network security experts at FireEye have concluded that Kemoge can be found within legitimate applications that are distributed through alternate app stores, and it has already spread to 20 different countries. The adware infects a device by overwhelming the user with unwanted advertisements. Yulong Zhang, a security consultant with FireEye, cites evidence suggesting that this particular strain of malware was created in China, and attached to legitimate applications to get the most bang for their buck. By repackaging this malicious code with legitimate software titles, Kemoge is able to spread effectively.

CIO acknowledges that Kemoge adheres to the following process when infecting a device:

Kemoge not only displays unwanted ads, but it's also loaded with eight root exploits that target a wide range of Android devices [...] A successful attack using those exploits means an attacker would have complete control over the device. Kemoge will collect a device's IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.

Moreover, the malware suggests that users download other applications infected with the malware, and it scans the device for vulnerabilities. It also installs the exploits that are deployed for remote control, while sending information to a remote server. In essence, it hijacks Android mobile devices and allows the hackers behind it to extract information, and install and uninstall applications. This can render a mobile platform useless.

To combat this potential disaster, we first want to suggest that the only place you should be downloading applications for your Android device is from Google Play. Apps from the official Google Play Store will be less likely to include malicious or hazardous code. It’s also best practice to be mindful of the apps you download, whether you use a company mobile device or not.

From an organizational perspective, you’ll want to ensure that your network’s mobile device users understand your policies regarding the acquisition of new applications. It’s also a good idea to educate them about the importance of mobile device security and the effects it can have on their devices, your network, and the organization as a whole.

At Preferred we have solutions that can improve network security, including comprehensive mobile device management (MDM). The MDM provides administrators with options to restrict access to sensitive data, blacklist and whitelist applications, and even take control of a device to ensure your organization’s sensitive data isn’t exposed. Call one of our trusted IT professionals at 708-781-7110 to learn more.