07-05-2023, 09:00 PM
Drive by downloads causing chaos
The Zscaler ThreatLabZ team recently identified an Android app that was downloading itself from advertisements posted on forums. Malvertising is a growing problem and one that we have covered on past occasions, especially given the rise in SSL sites that serve malicious ads. On one such forum we found entitled “GodLikeProductions,” visitors complained about the automatically downloading app, but those messages were either removed or ignored by the forum's hosts, allowing the problem to perpetuate. In this particular instance, the app uses the insidious mask of a "security update" to get a user to complete the installation.

Here is our detailed analysis of how the malicious app works.
https://www.zscaler.com/blogs/research/m...-downloads
According to Zscaler, “Once the app gains admin rights, it becomes impossible to remove it from the device. The traditional “Uninstall” option, by default, becomes disabled, because a user cannot remove apps with admin rights. Usually, one can uninstall such apps by first removing admin privileges via settings, but this app uses an unconventional method – registering as an Android receiver – to preserve its admin privileges.”

It is reported that once victims try to uninstall this malicious app, the phone suddenly gets locked for a few seconds.
https://gbhackers.com/malicious-android-...d-devices/