Published on March 20th, 2016
New Android Gmobi adware found in firmware and popular apps
The experts highlighted that the Gmobi adware can install APK files covertly only if the malware has the necessary privileges.
The server replies with an encrypted JSON (JavaScript Object Notation) object that can contain the following commands:
- Update the database with information about the advertisement to display.
- Create an advertising shortcut on the home screen.
- Display an advertising notification.
- Display a notification that, when tapped, launches an installed application.
- Automatically download and install APK files using a standard system dialog. A covert installation of these files is performed only if the Trojan has the necessary privileges.
The researchers have detected Gmobi in Trend Micro’s Dr. Safety and Dr. Booster apps, and the ASUS WebStorage apps. The Gmobi variant that was discovered in the software of the Trend Micro firm only collected information from the Android devices and sent it to a remote server.
Dr.Web reported the issue to all the impacted companies; Trend Micro promptly released a new version of the infected apps.
“If your device’s firmware is infected by this Trojan, the malware cannot be removed by the anti-virus without root privileges. However, even if root privileges are gained, there is a high risk of making the device non-operational because the Trojan can be incorporated into some critical system application. Therefore, the safest solution for victims of Android.Gmobi.1 is to contact the manufacturer of the device and ask them to release a firmware update without the Trojan,” concludes Dr.Web.