Android adware wields potent root exploits to gain permanent foothold

Enlarge / In-the-wild samples of Kemoge impersonating well-known apps. (credit: FireEye)

Researchers have uncovered yet another Android-based adware campaign targeting people who download what they believe are trusted titles from websites and other third-party app stores.

The apps use repackaged icons to disguise themselves as popular titles and are offered for download through pop-up ads on visited websites and in-app promotions, according to a blog post published Wednesday by researchers from security firm FireEye. Once installed, the apps exploit as many as eight separate Android vulnerabilities that allow the apps to gain deep root access privileges. From there, the apps launch code libraries mimicking legitimate Android services, such as com.facebook.qdservice.rp.provider and com.android.provider.setting, to gain a permanent foothold on infected phones.

FireEye researchers wrote:

Read 2 remaining paragraphs | Comments