Previously we have seen Judy Malware infecting devices to generate large volumes of fraudulent clicks on ads, converting into revenue for their creators. Now, IT security researchers have discovered a new malware that is impossible to remove. Well, the new malware is essentially an Android package or APK masked as a system cleaner app named Ks Cleaner. Ks Cleaner forces users to download a security update. Once the update was installed, the malware can’t be removed from the system. Web security firm, Zscaler stated that this APK downloads itself from ads that are contaminated with malware. Once the KS Cleaner installed on the system, users are displayed with a flash message which says that the phone has a security loophole which puts user’s account and other data at risk. The only option users have is “Ok” button. Once user taps on the “Ok” button it automatically downloads another APK file which is known as “Update”. Once installed on victim’s system, it can’t be removed due to the APK registering itself as an Android Receiver. If an APK register itself as Android receiver it gains administrative right which makes it impossible to remove from the phone. If a user tries to delete it manually it registered event “DEVICE_ADMIN_DISABLED” triggers the malware which causes the phone to freeze. Shivang Desai of Zscaler on a blog post stated “Once the app gains admin rights, it becomes impossible to remove it from the device. The traditional ‘Uninstall’ option, by default, becomes disabled, because a user cannot remove apps with admin rights. Usually, one can uninstall such apps by first removing admin privileges via settings, but this app uses an unconventional method — registering as an Android receiver — to preserve its admin privileges.” Once the APK installed on the smartphone, users keep seeing unnecessary ads on their home screen. The APK file “Update” can even manage the bookmarks, settings and can even download apps without permissions. The best thing to dodge this malware is to avoid clicking the suspicious links. Disable the “Unknown Sources” Download option from Settings. Staying away from unknown forums will help a lot since the most malware instances have been found on online forums. So, what do you think about this? Share your views in the comment box below.
Δ