Researchers at cybersecurity and antivirus company Kaspersky said that new malware boosts the ratings and download counts of popular shopping applications and shows annoying ads to users. More than 14% of Indians are affected by the malicious program, called “Shopper”. The highest percentage of infected users from October to November 2019 was in Russia.
According to the Indian website TOI, nearly a fifth (18.70 percent) of infections were in Brazil and 14.23 percent in India. Igor Golovin, a malware analyst at Kaspersky, said in a statement: “Although at the present time the real danger posed by this malicious application is limited to spammy ads, fake reviews and ratings issued in the victim’s name, no one can guarantee that the creators of this malware will not change their targets to anything else.”
At the moment, the malicious application focuses on retail, but its capabilities enable attackers to post fake information through user accounts on social networks and other platforms. The malware first caught researchers’ attention because of its heavy obfuscation and its use of the Google Accessibility Service. The service lets users set a voice to read application content and automate interaction with the user interface; it is designed to help people with disabilities. In the hands of attackers, however, this feature poses a serious threat to the owner of the device.
“The malware can automatically share videos containing whatever the operators behind Shopper want on personal pages of user accounts and flood the Internet with unreliable information,” Golovin added. According to the researchers, once the malware gets permission to use the service, it has almost unlimited opportunities to interact with the system interface and applications, including capturing data shown on the screen, pressing buttons and even emulating user gestures.
It is not yet known how the malicious application is spread. Kaspersky researchers assume that device owners may download it from fraudulent ads or third-party app stores while trying to obtain a legitimate app. To hide itself from the user, the app uses a system icon named “ConfigAPKs”.
After the screen is unlocked, the app launches, collects information about the victim’s device and sends it to the attacker’s servers. The server responds with commands for the app to execute. Depending on the commands, the app can use the device owner’s Google or Facebook account to register in popular shopping and entertainment apps such as AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba; leave app reviews on Google Play on behalf of the device owner; and check whether it has access rights to the accessibility service and, if permission has not been granted, send a phishing request for it.
The app can also turn off Google Play Protect (a feature that runs a safety check on apps from the Google Play store before they are downloaded), open links received from the remote server in an invisible window, and hide itself from the app list after a number of screen unlocks.
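The accessibility-service abuse described above can be audited on a device. The following is an added example, not code from Kaspersky or the original article: a shell function that parses the value printed by `adb shell settings get secure enabled_accessibility_services` and lists every enabled service whose package is not on an allowlist. The allowlist and the sample value, including the hypothetical package `com.example.configapks`, are constructed for illustration.

```shell
#!/bin/sh
# Audit which accessibility services are enabled on an Android device.
# On a connected device the input comes from:
#   adb shell settings get secure enabled_accessibility_services
# which prints colon-separated "package/ServiceClass" components (or "null").

# Constructed allowlist of packages expected to hold the permission (assumption).
ALLOWED_PKGS="com.google.android.marvin.talkback"

# Constructed sample value; com.example.configapks is a hypothetical package.
SAMPLE="com.google.android.marvin.talkback/.TalkBackService:com.example.configapks/.CoreService"

# unexpected_a11y_services VALUE ALLOWLIST
# Prints one line per enabled component whose package is not in the allowlist.
unexpected_a11y_services() {
    value=$1
    allowlist=$2
    # Empty or "null" means no accessibility service is enabled.
    case "$value" in
        ""|null) return 0 ;;
    esac
    old_ifs=$IFS
    IFS=:
    for component in $value; do
        IFS=$old_ifs                 # restore whitespace splitting for the inner loop
        pkg=${component%%/*}         # package name is the part before the first "/"
        found=0
        for ok in $allowlist; do
            if [ "$pkg" = "$ok" ]; then
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$component"
        fi
    done
    IFS=$old_ifs
    return 0
}

# Stand-alone run over the constructed sample.
unexpected_a11y_services "$SAMPLE" "$ALLOWED_PKGS"
```

Any component this prints holds the same screen-reading and gesture-emulation rights described in the article and should be traced back to the app that installed it.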