A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns.
The dodgy Android utility poses as "Ks Clean", an Android cleaner app. Once installed, the app displays a fake system update message in which the only option presented to the user is to select the "OK" button, giving victims little immediate option other than to accept a supposed security update.
As soon as the user presses "OK", the malware prompts the installation of another APK named "Update". The Update app asks for administrator privileges which, if granted, can't be revoked.
The app uses the insidious mask of a "security update" to get a user to complete the installation.
After that, there is nothing to stop malware from slinging pop-up ads at victims even when the user is using other apps. Users would be unable to easily uninstall the app using the traditional "Uninstall" option because it has admin rights.
This is a "security update". It's for your own good
and you must comply. [source Zscaler blog post]
Zscaler has identified over 300 instances of malicious APKs from this campaign affecting users in US and UK over the last two weeks, including an attack on a conspiracy forum called "GodLikeProductions".
"On one such forum we found entitled 'GodLikeProductions', visitors complained about the automatically downloading app, but those messages were either removed or ignored by the forum's hosts, allowing the problem to perpetuate," Zcaler reports. ®