Pig in a poke: smartphone adware
Quote:

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get rid of it can lead to device failure. In addition, ads can be embedded in undeletable system apps and libraries at the code level. According to our data, 14.8% of all users attacked by malware or adware in the past year suffered an infection of the system partition.

Why is that? We observe two main strategies for introducing undeletable adware onto a device:
  • The malware gains root access on the device and installs adware in the system partition.
  • The code for displaying ads (or its loader) gets into the firmware of the device even before it ends up in the hands of the consumer.

The Android security model assumes that an antivirus is a normal app, and according to this concept, it physically cannot do anything with adware or malware in system directories. This makes adware a problem. The cybercriminals behind it stop at nothing that will earn them money from advertising (or rather, the forced installation of apps). As a result, malware can end up on the user’s device, such as CookieStealer.

As a rule, 1–5% of the total number of users of our security solutions encounter this adware (depending on the particular device brand). In the main, these are owners of smartphones and tablets of certain brands in the lower price segment. However, for some popular vendors offering low-cost devices, this figure can reach up to 27%.

Who’s there?

Among the most common types of malware installed in the system partition of smartphones are the Lezok and Triada Trojans. The latter is notable for its ad code embedded not just anywhere, but directly in libandroid_runtime — a key library used by almost all apps on the device. Although these threats were identified several years ago, users continue to run into them.

But Lezok and Triada are just the tip of the cyber iceberg. Below, we examine what else users face today and which system apps were found to contain “additional” code.

Trojan-Dropper.AndroidOS.Agent.pe

This obfuscated Trojan usually hides in the app that handles the graphical interface of the system, or in the Settings utility, without which the smartphone cannot function properly. The malware delivers its payload, which in turn can download and run arbitrary files on the device.
...