Konfeti malware is back, sneakier than ever

Konfeti is back to attack Android smartphones. More devious and vicious than last year, it hides in fake applications that imitate legitimate apps from the Play Store. Once installed, the virus bombards the user with ads, redirects them to malware, steals data and installs other malware on the phone.

Last summer, the Play Store was invaded by 250 malicious applications hiding a piece of malware called Konfeti. Its purpose was to bombard users with intrusive advertising banners while generating fraudulent revenue. The applications relied on large-scale advertising fraud.

A year later, Konfeti is back. Identified by Zimperium researchers, the virus is making a comeback in a new form. Like last year, the malware hides in apparently harmless applications. Once installed, they do not work as expected and do not offer the promised features.

This time, the attackers slipped Konfeti into APK files exchanged on the web, especially in third-party apps. Unsurprisingly, the cybercriminals have impersonated well-known applications that are available on the Play Store. The malware “copies the name of the package of a legitimate application, but does not take up the functions”, says Zimperium.

Malicious sites, annoying ads, and data theft

Once deployed on the smartphone, the virus redirects the user to malicious sites, forces the installation of unwanted applications, displays booby-trapped fake notifications, displays ads in the background, and steals information about applications, the network and the system. Finally, Konfeti can also install other malicious modules remotely. It is potentially a disaster for your personal data, as well as for the money stored in your bank account.

To go unnoticed, Konfeti uses a series of evasion tactics. To escape antivirus software and Google's security mechanisms, Konfeti loads the malicious code at the very last moment. The code is encrypted and remains invisible until it is decrypted and launched while the application is running. In addition, the virus uses an unusual compression format, Bzip.

Most analysis tools cannot read this format, which slows down or blocks inspection by antivirus software. By combining these tricks, Konfeti crashes software used by security researchers, such as Apktool or Jadx. This “tactic aims to bypass security checks and complicate technical analysis, making the detection and study of malware much more difficult for safety experts”.
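
A triage check for the unusual-compression trick described above, as an added example (not code from Zimperium or from this article): it lists APK entries whose declared ZIP compression method is neither stored nor deflate, the two methods normal APK builds use. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Method ids come from the ZIP specification (APPNOTE), not from the article.
METHOD_NAMES = {0: "stored", 8: "deflate", 9: "deflate64", 12: "bzip2", 14: "lzma"}
# Assumption: a normally built APK only uses these two methods.
EXPECTED_IN_APK = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}


def unusual_entries(apk):
    """Return (name, method_id, method_name) for entries not stored/deflated.

    `apk` is a path or a binary file object. Only the central directory is
    read; no entry is decompressed, so a payload that cannot be unpacked
    does not stop the check.
    """
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.compress_type not in EXPECTED_IN_APK:
                label = METHOD_NAMES.get(info.compress_type, "unknown")
                findings.append((info.filename, info.compress_type, label))
    return findings


def build_sample_apk():
    """Constructed sample: a ZIP shaped like an APK with one bzip2 entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>",
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64,
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("assets/blob.bin", b"constructed placeholder " * 8,
                    compress_type=zipfile.ZIP_BZIP2)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, method, label in unusual_entries(build_sample_apk()):
        print(f"{name}: compression method {method} ({label})")
```

A hit is a reason to look closer at the file, not proof of infection on its own.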

A discreet and clever virus

Above all, the malicious application is capable of hiding from the user. Once installed, it hides its icon so that it does not appear on the home screen. The application does not appear in the list of apps either. From the user's point of view, it is difficult to detect the presence of the app that displays intrusive advertisements on their smartphone. Finally, the application behaves differently depending on the geographic location of its victim. With access to GPS, the attackers can target their victims and avoid operating in regions where the authorities are most vigilant.

As Zimperium explains, “The authors of Konfeti are very adaptable, they often change their advertising networks and their methods to avoid being detected”. To avoid falling into Konfeti's clutches, avoid third-party application stores. Stick to applications on the Play Store that are published by reputable publishers. Before installing an app, take the time to read the comments and reviews.

Source :

Squeeze
