nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Ad-slinging rootkit nasty permanently drills into Android mobes, tabs

Kernel-exploiting Kemoge in 20 countries and counting

By John Leyden, 7 Oct 2015

Security researchers have uncovered malware that infects deep inside Android devices, spams screens with pop-up adverts, and obeys commands from its masters across the internet.

The software nasty, likely crafted by Chinese crims, has already spread to over 20 countries across all continents, security firm FireEye warns. The Kemoge malware disguises itself as popular apps to trick people into downloading and installing it.

Once in place, Kemoge collects information about the device, uploads it to an ad server, and then floods victims with pop-up ads.

This is annoying enough by itself, but the code soon turns outright malicious: it tries to exploit as many as eight vulnerabilities in the operating system to gain powerful administrator-level privileges.

It uses these powers to install a rootkit on gadgets, allowing crooks to completely compromise a device and install more malicious code – such as password-stealing spyware. The rootkit communicates with an outside server to receive commands to execute. It also tries to thwart attempts to detect and remove the malware.

FireEye's writeup of Kemoge, featuring much more technical detail, can be found here.

To avoid an infection, don't download software from unofficial app stores, and keep up-to-date with the latest version of Android, if possible. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing