Android smartphone users need to be careful of a new form of Trojan malware. It is specifically targeting Android operating system by duping the victims to download a fake security update. The update is for Adobe Flash Player. This download makes the Android smartphone more susceptible to malicious software.
The malware on Android phones is designed in order to monitor the activity of user for the purpose of stealing data. It mimics the actions of the user in order to generate the funds from fraudulent adware installations that enable the installations of various other malware. This potentially includes ransomware.
The Torjan malware has been first reported by ESET which is a security company. The malware is targeting every and all versions of Google operating system that is Android. It tricks the victims into granting it special permission as a security update which then downloads additional malware into the phone.
How does it compromise your Android smartphone?
It is distributed mainly through social media and compromised websites. These websites are mostly of the adult variety- Android/Trojan. The malware works by looking like a legitimate update screen which features that the user needs to download Adobe Flash patch for protection from cyberattacks. Security updates that prevent other malwares and spying software from getting inside the user Android phone. Now, if the user downloads the security update then there is a new screen that pops up. The screen shows that the device is consuming a lot of energy and that there is Saving battery mode that the user must activate. Now, the pop up keeps on lying about the battery saver option and does not go away until the users opts to turn the new mode on. This is a lie and the battery is working fine but is being reported, otherwise.
After switching to battery saving option the Android accessibility menu is opened. It features a list of legitimate services with accessible functions. There are newly created by the malware under the guise of saving battery. The Trojan gets even more malicious by functioning as users’ permission center and asking to monitor the actions of the Android user. It also asks permission to retrieve content and turn on Explore by Touch. All of these are the requirements for cyberattackers to carry out their plans of hacking. They attain it by monitoring and mimicing the clicks. They also keep an eye on the selections on the display screen. These activities are used to download additional malware into the phone.
The malware works at the back with cyberattacker server
When the service is enabled then the flash player will hide its working from the users. In the background, however, it is in contact with the control server and is providing cyberattackers with the information. After the contact with the server has been made the device will further download malicious apps. These apps might range from adware, spyware to ransomeware. Now, when installing the new malwares the device which is hacked will display a fake lock screen. The lock screen will have no option of closing. It will ensure that any ongoing malicious activity is not compromised.
So when activities are hidden from on-screen the malware is better able to exploit the permission in order to mimic the user clicks and download additional malicious software. All of this to be noted is unseen. The screen disappears when the malware is done installing.The users are able to use their device which is under surveillance by the hackers, now.
One of the researchers from ESET who led the analysis of Android/Trojan Downloader. Agent JI said, “In cases we investigated, this Trojan was built to download another Trojan designed for siphoning off funds from bank accounts. However, it would take only a small change in the code for the user to get served with spyware or ransomware,”
How to fight this malware in Android smartphone?
The only possible way to fight this malware is to avoid any websites that might appear a bit shady. It is necessary to be careful while browsing. Be wary of any updates suggested by the Android device and in most cases from the official Adobe website. One thing to look out for is granting permissions to apps which might be asking for more than they need.
If you think that you’ve already fallen a victim to the malware then the only attempt in removing it is by uninstalling the “Flash-Player” app from the phone. This does require more work to be done on the device in order to get rid of every malicious software.
“Unfortunately, uninstalling the downloader doesn’t remove malicious apps the downloader might have installed. As with the downloader itself, the best way for cleaning up the device is using a mobile security solution,”says ESET researcher.
Image via Slash Gear