 |
| By exploiting Google Accessibility, a malicious app publishes fake reviews |
Kaspersky researchers have discovered a very annoying Trojan application that can be used to place spammy ads and install online shopping apps to allow users and advertisers to cheat by using Google Accessibility. The smartphone app store is dedicated to downloading and running various applications and represents users who do not know what is shown on the device.
Users and businesses need to be careful, especially in the high season. Stores increase the frequency of assignments and financial promotions, users rely heavily on store rankings, but it turns out that there are no stores, none of the buyers can fully rely on what they see online. Since the new version of the app, Trojans, can add reviews to popular shopping apps while posting a lot of ads that excite users.
Initially, the app called "Shopper" greatly affected the use of Google’s accessibility service to determine whether users with disabilities can access multiple device resources. This initially attracted the attention of researchers. This allowed users to customize the audio to read program content and to automatically interact with the user interface. However, saboteurs have access to this functionality, which makes it a serious threat tool for device owners.
Once the disabled app is given permission to use the service, it has little chance to interact with the system interface and applications because it can capture data on the screen, press keys, and even emulate the physical gestures of the user.
It is not yet known how this app will spread, but Kaspersky researchers believe that device owners can download the app from scams or third-party app stores if they are looking for the perfect official app.
The malicious application is hidden in the form of the OS application and is rejected by the user with a code called ConfigAPKs. The program runs after the screen is unlocked, collects information about the device and sends it to the destruction establishment behind it. Server, then the server displays an application executable command that can be created. You must do the following:
- Log in to popular shopping and entertainment apps using your device's Google or Facebook account, for example b. AliExpress, Lazada, Zalora, Sheen, Jum, Leakey and Alibaba.
- Take notes for apps on the Google Play store on behalf of the device owner.
- Check the permissions for accessibility services. If he can't find access and doesn't use the permissions, he'll try to access it by phishing.
- Disable Google Play Protection, which performs a security scan of applications on Google Play before downloading.
- After unlocking multiple screens, open the link received from the server in an invisible window and hide in the application list.
- Ads are displayed when the device’s screen is unlocked and tags are created in the list of apps where ads are shown.
- From Apkpure [. Com Download and install the application.
- Open and download the Advertising app on Google Play.
- Ad page tags, app tags not installed.
- From October 2019 to November 2019, Russia was the first country to be infected with Trojan-Trojan-Dropper.AndroidOS.Shopper.a. This corresponds to 28.46% of all Troy users in the world affected by this horse. The high share was followed by Brazil (18.70%) and India (14.23%).
- Igor Golovin, Kaspersky's Malware Analyst, believes that no one can guarantee that the Malware creator will not turn into more dangerous content, limiting himself up to now to spam ads, wrong labels, and labels on behalf of the victim. Posted in the app store. He added: "This malicious application is currently focused on consumer markets, but its features allow the saboteur to allow users to post information about user accounts on social networks and other platforms, such as videos, pictures or anything else."
- Users are encouraged to follow these recommendations to reduce the risk of developing malware threats exploiting Google Accessibility as follows:
- If you don't plan to use the app with this feature, search for apps that require access.
- Check the permissions granted to the application to see if the installed application can be run.
- Avoid installing applications from untrusted sources and prohibiting software installation from unknown sources in your smartphone settings, even if this is commercially common.
- With trusted smartphone security solutions such as Kaspersky Internet Security for Android, you can identify endangered applications or have questions about where to go while identifying the risks associated with different types of risk.