Hopefully by now, Internet users know not to click on odd links, but malvertising– malicious code hidden within otherwise harmless advertisements— presents a more pernicious problem.
A brand-new malvertising campaign isn’t content to just redirect your web internet browser to unsafe sites. If you’re utilizing an Android phone, it downloads and installs an Android app that can jeopardize your entire phone, without any known solution.
The trap is easy to avoid, once it’s sprung, it’s sprung for good.
This information comes from the Zscaler ThreatLabZ team, a San Jose, California-based security firm. Zscaler found the problem by scouring the Godlike Productions forums, a hotbed of UFO and conspiracy theory activity. For once, the tinfoil-hatted commentors had it right; somebody truly WAS out to get them, and that somebody was a cyber-criminal.
What You NEED to Do to avoid the problem is extremely easy
You might not even be vulnerable to it in the first place. In order for apps from sources other than the Google Play store to be installed, users must go into Security– > Settings and enable apps from “Unknown Sources.”
That function is a security risk, and is disabled by default.
Still, if you use third-party app stores (like the Amazon Appstore), you’ve currently allowed Unknown Sources. To disable the feature, check your phone’s settings. Making it possible for and disabling third-party app installation will be under the Security menu, although that menu’s area may vary depending on your phone.
Advertisements on the online forum immediately set up an Android APK called “kskas.apk” to users’ phones. The program calls itself “Ks Clean” and assures to clean up out Android gadget.
Once installed, though, it claims that the phone is vulnerable to a security loophole and requires an update to safeguard the device.
The upgrade, is actually another app, and a lot more malicious one. This one needs administrative benefits to set up, which means that the “update” app can control your phone at the deepest level.
Once set up, the upgrade app takes no care in either cleaning your system or plugging security gaps. Instead, it plasters your home screen with obnoxious advertisements. While it doesn’t seem to be anything more malicious at the time, it does interact to its masters using a relatively intricate command-and-control server, and might distribute real malware if its creator so desired.
Uninstalling the app is difficult, considering that “update” manages the gadget at an administrative level. Any attempt to get rid of it forces the phone into a lock screen, and at the time of writing, there’s no way around it.
Your only recourse is to carry out a factory reset on the phone. Depending upon how much information you have minimized your device, this might vary from bothersome to disastrous.
If you must keep installing third-party apps, you can still prevent this particular hazard by simply rejecting Ks Cleaner or its update approvals when they attempt to install. A great Android anti-virus program is needed to capture the app and quarantine it before it has an opportunity to do any damage.
As for Godlike Productions, Zscaler was not able to find the advertisements that activated the malicious APK, so they might be passed now.