Evil Kemoge Serves Androids Ads And Rootkits

Published: 22/11/2024   Category: security




Malware is wrapped into a wide variety of legitimate apps on third-party stores and one on Google Play.



Kemoge, a new piece of Android malware, won't just irritate users with relentless ads, but may also root their device, according to researchers at FireEye.
Like the recently discovered Mapin, which spread by attaching itself to Candy Crush and Plants vs. Zombies, Kemoge is propagating by packaging itself into popular, legitimate Android apps -- including security ones. Kemoge was found in Easy Locker and Privacy Lock, as well as ShareIt, Calculator, and Kiss Browser.
First, Kemoge collects device info and aggressively serves up ads, popping up ads even if the user is doing nothing but idling on the Android home screen.
However, according to the FireEye report, "Initially Kemoge is just annoying, but it soon turns evil."
Kemoge also carries root exploits -- as many as eight different exploits, crafted for compromising a variety of device models. According to the report, some of the exploits are from the commercial tool Root Dashi (also called Root Master), and others are from open-source projects. The methods include mempodroid, motochopper, perf_swevent exploit, sock_diag exploit, and put_user exploit.
Once the device is rooted, Kemoge receives instructions from its command-and-control server to either uninstall particular apps -- including anti-virus and popular legitimate apps -- launch particular apps, or download and install apps from URLs provided by the C2 server.
The Kemoge writers uploaded their weaponized apps to third-party app stores; one altered version of ShareIt also showed up on the official Google Play store, but it only included the adware, not the root exploits and C2 functionality. 
