Jeddah: A Trojan application that is hitting smartphone users with unsolicited ads boosts installations of online shopping applications and can even send reviews on behalf of users without their knowledge, a leading global cyber security firm has discovered.
In a report released on Thursday, Kaspersky Lab researchers said they had discovered a Trojan, dubbed “Shopper”. The malicious app focuses only on retail shopping, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms. For example, it could automatically share videos containing whatever the operators behind Shopper want on the personal pages of user accounts and flood the Internet with unreliable information.
“Shopper” first drew the attention of researchers because of its extensive obfuscation and its use of the Google Accessibility Service. The service, designed to help people with disabilities, lets users set a voice to read out app content and automate interaction with the user interface. However, in the hands of attackers this feature presents a serious threat to the device owner.
Once it has permission to use the service, the malware gains almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons and even emulate user gestures, it said.
It is not yet known how the malicious application is being spread. However, Kaspersky researchers assume that device owners may download it from fraudulent ads or third-party app stores while trying to get a legitimate application. The app masks itself as a system application and uses a system icon named ConfigAPKs to hide itself from the user. After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns commands for the application to execute. Depending on the commands, the app can use a device owner’s Google or Facebook account to register on popular shopping and entertainment apps, the security firm warned.
Kaspersky has advised users to check the rights to use the Accessibility Service. If permission is not granted, the malware sends a phishing request for it and turns off Google Play Protect, a feature that runs a safety check on apps from the Google Play Store before they are downloaded.
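One way to check which apps hold Accessibility Service rights, as an added example that is not from Kaspersky's report. The package names, the allowlist and the sample strings are constructed; on a real device the inputs come from the two `adb` commands named in the comments.

```shell
#!/bin/sh
# Added example: audit which apps hold Accessibility Service rights.
# On a device attached over adb, the inputs would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3      (user-installed packages only)
# Both are replaced by constructed sample strings so the script runs offline.

# Constructed sample: colon-separated "package/service" components.
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.configupdater/.CoreService'
# Constructed sample in the output format of `pm list packages -3`.
SAMPLE_THIRD_PARTY='package:com.example.configupdater
package:com.example.notes'
# Hypothetical allowlist: services the owner knowingly switched on.
ALLOWLIST='com.google.android.marvin.talkback'

# Print one package name per enabled accessibility service.
enabled_packages() {
    # `settings get` prints "null" when no service is enabled.
    if [ -z "$1" ] || [ "$1" = "null" ]; then return 0; fi
    printf '%s\n' "$1" | tr ':' '\n' | sed 's|/.*||' | sort -u
}

# Report every service holder as "ok" or "REVIEW".
#   $1 = enabled_accessibility_services value
#   $2 = third-party package list, $3 = space-separated allowlist
audit_accessibility() {
    enabled_packages "$1" | while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        case " $3 " in
            *" $pkg "*) echo "ok $pkg (allowlisted)"; continue ;;
        esac
        # A system-looking name is not a reason to trust the app, so
        # anything off the allowlist is reported either way.
        if printf '%s\n' "$2" | grep -qxF "package:$pkg"; then
            echo "REVIEW $pkg (user-installed app with accessibility rights)"
        else
            echo "REVIEW $pkg (not allowlisted; preinstalled or system-looking)"
        fi
    done
}

audit_accessibility "$SAMPLE_ENABLED" "$SAMPLE_THIRD_PARTY" "$ALLOWLIST"
```
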
“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else,” the report said, quoting Igor Golovin, Kaspersky malware analyst.