New malware writes fake reviews in Amazon & Play Store
A report published by digital forensics experts from Kaspersky details the activity of “Shopper”, a recently detected malicious app. According to this report, the malware hidden in this app has already infected almost 15% of smartphone users in India. The malware was also detected in countries such as Brazil, Russia, among others.
This app was developed to increase the ratings of shopping apps, spread ads and install apps on infected devices without the consent of affected users. In addition, the malware also has the ability to spread misinformation through social networks and other online platforms.
After the app is installed, and the user grants
some permissions the malware begins to interact with the system interface and
the rest of the installed apps to collect information displayed on the screen, automatically
press icons and even imitate some of the victims’ most used gestures, plus
Shopper can hide its icon on the apps menu.
The collected information is sent to a hacker-controlled
server. As if that weren’t enough, digital forensics experts claim that, after
completing the infection, Shopper is able to display ads on the smartphone
screen automatically as soon as the user unlocks their device.
Using a remote command, hackers abuse the
victim’s Facebook and Google accounts to sign up for shopping websites and
entertainment platforms like Dailyhunt, AliExpress, among others and even post
reviews on the Play
Store on behalf of the affected user. Hackers can also create shortcuts
to external websites and even replace legitimate app icons with shortcuts to
other sites. Shopper is also able to disable Google Play Protect, a feature to
verify the security of apps downloaded from official platforms.
The number of affected users has reached six
figures. In the report, Kaspersky’s digital forensics specialists say that, in
India there are around 400 million mobile phone users, mostly very unfamiliar
with security issues, which facilitates the work of hackers who develop apps
such as Shopper in order to trick users and stealing money and confidential
information.
The International Institute of Cyber Security
(IICS) says India has been the second country with the most victims of
cybercrime for at least three years, so it is not surprise that hackers keep
targeting this part of the world.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
Gloss