Monday, February 15, 2016

Porn sites deliver Android rootkit for ad money – Personal Computer Magazine

Android users are at risk from a new type of malware that implants itself at root level and uses ads to generate revenue. Infection occurs through contaminated sites, including porn sites.

Victims of the so-called HummingBad malware do not need to take any action themselves for their device to be infected. The malware gets in through a drive-by attack: simply visiting a contaminated site is enough to get the malicious code onto a vulnerable Android device. According to its discoverers at security company Check Point, the malicious payload is served by at least some porn sites.

Rooting and pwning

Once HummingBad is inside, it settles in at Android's deep root level, where it continues its malicious work. Thanks to this rootkit functionality, the malware can persist on devices once they are infected. The various components of the software are encrypted to avoid detection by security software. This lets HummingBad carry out a complex chain of actions to root Android and then perform additional functions of its own.

If rooting fails, HummingBad turns to another way in. The malware then pushes a fake alert about a supposed system update to the user. If the victim falls for this social engineering, he or she gives permission for the installation of what is actually a malicious APK file. The malware is then installed, hides its own icon, and then carries out the subsequent steps for pwning the Android device.



Ad fraud

The main purpose of this infection is to generate ad revenue through Google Play for the culprits behind this Android attack. According to the security researchers at Check Point, this method is similar to that of the Brain Test app, which was discovered earlier. That fraudulent app even made its way into the official Android app store Google Play on two occasions. Security expert Graham Cluley explains how HummingBad did so.

In addition to ad revenue through referrals in the Google Play app store, HummingBad also makes money by installing other fraudulent apps. The capabilities of the HummingBad rootkit also allow it to perform other far-reaching actions. If the cybercriminals so wish, they could also install keyloggers, intercept login credentials and even circumvent mail encryption. The malware communicates with command & control servers, several of which are active and which host a few dozen APKs, the Check Point experts warn.
