, , , , , ,

Hackers Cloning Popular Android Apps to Infect Users with Malware

Your Android Device can be Hacked with These Popular 3rd Party Apps

The IT security researchers at Palo Alto Network have discovered new samples of the Adware-family “Ewind” have been discovered by security researchers. As if earlier versions of the Adware weren’t good enough, hackers have made some lethal modifications in the new samples, and it is looking even more dangerous than before.

Researchers believe that the new modifications in “Ewind” have made it much more than just an ordinary adware. As written in their blog post “Ewind is more than simply Adware. Ewind is, at very least, an actual Trojan – subverting genuine Android apps. The actor behind this activity can easily take full control of the victim device.”

When investigating multiple samples of the Ewind, researchers found that the Adware can do a lot of damage to its victim and could perform multiple tasks. On gaining the administrative rights, attackers can send several commands to the infected device including locking the screen, displaying different ads, preventing the uninstallation of the app, etc.

Ewind can also be used to steal SMS and contacts of an infected device. The hackers can steal the sender’s phone number and the SMS content, and it is likely that the feature can be used to bypass two-factor authentication.

In case you are wondering how an adware can perform all the above-said function, here is the answer: -Ewind has a list of “Targeted apps” on it, and every time it spots a targeted app, the adware sends a signal to its command and control (C2) server, which then notify Ewind to execute the relevant command.

Old School Trick: Hackers behind the adware are using an old school trick to promote Ewind. The trick involves disassembling a popular app of the play store, cloning it with a malicious code inside, and uploading it to third party stores to hunt unwitty users.

The security firm also found conclusive evidence suggesting that the culprits behind this vicious scheme are from Russia. However, they noticed something strange, something unusual. The hackers are not even sparing their countrymen; this has never happened before.

The researchers further explained that “Usually Russian actors avoid targeting Russian subjects. Deliberate targeting of Russians, in this case – by an apparently Russian actor – is therefore somewhat unusual.”

Written by Bianca Gerber

Bianca Gerber is a journalist who is working for the country's largest newspaper. She has a keen interest in reporting on activism and hacktivism.
She is also a contributor at EU based Revolution News media. Bianca reports and writes for Cyber-USA on IT security related topics.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code