Home Tech News Beware: New Virus Pretends To Be You, Exploits Your Phone and More

Beware: New Virus Pretends To Be You, Exploits Your Phone and More

There’s a Trojan application going around that terrorizes users with unsolicited ads and boosts installations of online shopping applications— fooling both users and advertisers. The malicious app visits smartphone app stores, downloads and launches applications, and leaves fake reviews on behalf of the user, all while hiding itself from the device owner.

Given the highly digitized marketplace today, users rely heavily on reviews left by fellow online shoppers when choosing shops while retailers increase their promotion and advertising budgets based on these reviews. With the Trojan application rampant on the web creating a trail of fake reviews, boosting downloads, and masquerading as a real person—it easily fools people into thinking a source is reputable when it’s not and reaps profit from advertisers with puppet stringed users.

The Trojan, dubbed ‘Shopper’, first drew the attention of researchers following its extensive obfuscation and use of the Google Accessibility Service. The service enables users to set a voice to read out app content and automate interaction with the user interface—designed to help people with disabilities. However, in the hands of attackers this feature presents a serious threat to the device owner. 

Once it has the permission to use the service, the malware can gain almost unlimited opportunities to interact with the system interface and applications. It can capture data featured on the screen, press buttons, and even emulate user gestures. It is not known yet how the malicious application is being spread, however Kaspersky researchers assume that it may be downloaded by device owners from fraudulent ads or third-party app stores while trying to get a legitimate application. 

The app masks itself as a system application and uses a system icon named ConfigAPKs in order to hide itself from the user. After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server returns the commands for the application to execute.

Far from its innocent name, the ‘Shopper’ virus is sneaky, disruptive, and completely nullifies your privacy and security. For instance, the app can use a device owner’s Google or Facebook account to register on popular shopping and entertainment apps, including AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba and leave app reviews in Google Play. Furthermore, it turns off Google Play Protect, a feature that runs a safety check on apps from the Google Play Store before they are downloaded. It also sends phising requests to get accessibility access.

It can opens links received from the remote server in an invisible window and hide itself from the app menu after a number of screens are unblocked. It shows ads when unblocking the device’s screen and create labels to advertised ads in the app menu and downloads and installs applications from the Apkpure[.]com ‘market’. Open and download advertised applications in Google Play and replace labels of installed apps with labels of advertised pages.

The highest share of users infected by Shopper from October to November 2019 was in Russia, with a staggering 28.46% of all users affected by the shopaholic app located in the country. Almost a fifth (18.70%) of infections were in Brazil and 14.23% in India.

“Despite the fact that at the moment, the real danger stemming from this malicious app is limited to unsolicited ads, fake reviews and ratings issued in the name of the victim, no one can guarantee that the creators of this malware will not change their payload to something else. For now, the focus of this malicious app is on retail, but its capabilities enable attackers to spread fake information via users’ social media accounts and other platforms. For example, it could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users accounts and just flood the internet with unreliable information,” says Igor Golovin, Kaspersky malware analyst.

To protect yourself, always make sure that the apps you install are from a reputable source. And even if so, stay cautious when granting accessibility permissions and always check application permissions from time to time to see what your currently installed apps are allowed to do. Lastly, you can use a reliable mobile security solution like the Kaspersky Internet Security for Android, that can help identify potentially dangerous or questionable requests made by the downloaded application, and explain the risks associated with different types of common permissions.

-- Advertisement --
-- Advertisement --
-- Advertisement --

Latest Articles

vivo X50: A great smartphone for camera enthusiasts [Full review]

Is this the X you've been looking for? The X50 is the latest smartphone from Vivo, claiming to be...

Your perfect workout buddy — the Huawei Watch Fit

Having been indoors for the past several months has definitely protected us from the dangers of the outside world in terms of...

OPPO Celebrates 16th Anniversary

Leading global tech brand OPPO celebrates its 16th anniversary, marking a milestone in the company’s constant technological innovation and growth. Over the past...

Win cool prizes with Huawei’s #MoreThrillsToExplore games

Remember when gaming used to be a rather expensive hobby? Now, every other person seems to either be playing online multiplayer games,...

Nissan dares the impossible with the Nissan LEAF at the 8th Philippine Electric Vehicle...

In line with its commitment to bring innovation that excites to the market, Nissan in the Philippines will be participating in the...


2ndopinion Admin
Delivering the latest news, features, and product reviews in the worlds of cars, technologies, and lifestyle since September 2014.


Please enter your comment!
Please enter your name here