An Android malware called Shopper is actively taking over smartphones, to post fake reviews on Google Play.. and worse!
Find out what’s going on, and how to prevent your smartphone from being hijacked by Shopper!
Shopper : What Does It Do?
Shopper (Trojan-Dropper.AndroidOS.Shopper.a) is an Android trojan that uses the Google Accessibility Service to take over your smartphone.
It is not yet known how users are being infected, but researchers suspect that it may be downloaded through fraudulent ads, or third-party app stores when they try to download legitimate apps.
The malware masks itself as a system application, and uses a system icon called ConfigAPKs to hide itself from the user.
After the user unlocks the screen, the Shopper trojan launches and gathers information about the device, which is then sent to the attacker’s servers.
The attacker’s servers will then send commands to the Shopper trojan to execute one or more of these actions :
- Check the rights to use the Accessibility Service. If permission is not granted, it will send a phishing request until it gets it
- Turn off Google Play Protect, a safety check on Google Play Store apps before they’re downloaded
- Post fake positive app reviews in Google Play, for those apps
- Open links received from the remote server in an invisible window
- Download and install advertised apps from Google Play Store
- Download and install apps from the Apkpure third-party app store
- Show ads when the smartphone screen is unlocked
- Create labels to advertised ads in the app menu
- Replace the labels of your installed apps with labels of advertised websites
- Use your Google or Facebook account to register on popular shopping and entertainment apps, like AliExpress, Lazada, Zamora, Shein, Joom, Likee and Alibaba
Shopper : Who’s Getting Infected?
Right now, Kaspersky researchers say that it is most widespread in Russia (28.46%), following by Brazil (18.70%) and India (14.23%) :
Shopper : How To Block It?
To reduce the risk of being infected by Trojan-Dropper.AndroidOS.Shopper.a, take these actions :
- Do NOT install apps from untrusted sources
- Block the installation of apps from unknown sources in your smartphone settings
- Be wary of apps that require the use of the Google Accessibility Service, especially if the app is not meant to offer accessibility features to the disabled
- Always check application permissions to see what your installed apps are allowed to do
- Use a reliable mobile security solution
Suggested Reading
- Operation Goldfish Alpha : INTERPOL Tackles Cryptojacking!
- Kaspresso : FREE Android App Testing Tool Released!
- Dell Forecasts The Future of Connected Living In 2030!
- WizardOpium Exploit : Update Google Chrome ASAP!
- How AMD CPUs Work In A Secured-core PC Device!
- The Microsoft Secured-core PC Initiative Explained!
- Why Cybersecurity Is Critical For Industry 4.0 Success
- Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!
- Kaspersky Travel Scam Alert + Advisory For The Holidays!
- Incident Response – Five Key Factors CISOs Should Consider!
- The 2019 Kaspersky Cybersecurity Report – Key Findings + Advice!
- The 2019 Kaspersky ICS CERT Report + Recommendations!
- How To Deal With The Momo Challenge + Hype!
- The AndOwningIt Campaign By Kaspersky Lab + The Mix!
- Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!
- Kaspersky Lab Tips On Staying Safe While Shopping Online!
Go Back To > Cybersecurity | Home
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!