Smut apps infecting Androids with long-gestation nasties

Is that a KitKat in your pocket or are you just trying to p0wn me?

Dell security researcher Alex Dubrovsky says malware writers have started a campaign that will soon see financially-motivated and/or data-stealing attacks plunder older Android devices through infected porn apps.

Android allows users to install apps that replace the lock screen and imbue it with different functionality. It's that facility that attackers are exploiting, by fooling users into installing hard-to-remove lock screen apps.

For now, those apps do not appear to steal data or request cash. But Dubrovsky says the apps request a huge number of permissions including device administrator rights which, if granted by users, make the apps difficult to remove.

"This lock screen is spreading mainly via Porn related apps," Dubrovsky says.

"Based on some of the components it appears that this campaign is still in its early stages and will evolve over time.

"It is interesting to note that there is no demand for ransom of any kind, also the fact that the victim can come out of this view gives an indication that this mechanism might not be completely implemented."

Victims' phones are held in the lock screen view, which prevents them from accessing system settings and using their devices.

Affected devices appear to be running Android 4.4 KitKat, which was released in 2013 and is the second most popular Android variant.

Dubrovsky says pwned users can kill the malware using Android Debug Bridge.

  • Get into the device shell - adb shell
  • Run the command - pm disable [ application package name ]
  • Get out of the shell and run - adb uninstall [ application package name ]
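
The steps above leave the package name as a placeholder. As an added example (not from Dubrovsky or the article), this script narrows it down by intersecting the enabled device administrators with the user-installed packages, then wraps the two removal commands. It assumes `dumpsys device_policy` lists each enabled admin as a `package/receiver:` line; the sample output and package names are constructed.

```shell
#!/bin/sh
# Added example: find user-installed packages that hold device-admin rights.

# Constructed sample of `adb shell dumpsys device_policy` output (format assumed).
SAMPLE_POLICY='Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    com.example.lockscreen/.AdminReceiver:
      uid=10087
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012'

# Constructed sample of `adb shell pm list packages -3` (third-party apps only).
SAMPLE_PKGS='package:com.example.lockscreen
package:com.example.notes'

# stdin: dumpsys device_policy text -> package names of enabled admins.
# tr strips the carriage returns that adb shell emits on older devices.
admin_packages() {
    tr -d '\r' |
        sed -n 's|^[[:space:]]*\([A-Za-z0-9_.]*\)/[A-Za-z0-9_.$]*:[[:space:]]*$|\1|p' |
        sort -u
}

# stdin: pm list packages output -> bare package names.
third_party_packages() {
    tr -d '\r' | sed -n 's/^package://p' | sort -u
}

# $1 = dumpsys text, $2 = pm list text -> third-party packages that are admins.
suspects() {
    admins=$(printf '%s\n' "$1" | admin_packages)
    for pkg in $(printf '%s\n' "$2" | third_party_packages); do
        if printf '%s\n' "$admins" | grep -qxF "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# The article's removal steps for one package (needs adb and USB debugging).
remove_package() {
    adb shell pm disable "$1" && adb uninstall "$1"
}

# Demo on the constructed samples. Against a real device:
#   suspects "$(adb shell dumpsys device_policy)" "$(adb shell pm list packages -3)"
suspects "$SAMPLE_POLICY" "$SAMPLE_PKGS"
```

Review the printed names before passing any of them to `remove_package`, since legitimate user-installed apps can also be device administrators.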

"Overall it looks like this campaign is in its early days as the lock screen does not work as expected and it is easy to come out of the 'lock' state," Dubrovsky says.

He expects the authors will produce improved lock-screen malware in the future.

A further method, which Dubrovsky does not mention, is to enter recovery mode and either factory-reset the device or, preferably, flash a more recent version of the Android operating system. ®
