Once downloaded, the app silently registers the user’s device to a remote command and control server, and in reply, it receives the actual malicious payload containing a JavaScript that starts the actual malicious process.
“The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website,” the researchers say. “Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”
The malicious apps are actual legitimate games, but in the background, they act as a bridge to connect the victim’s device to the adware server.
Once the connection is established, the malicious apps spoof user agents to imitate themselves as a desktop browser to open a page and generate clicks.
Here’s a list of malicious apps developed by Kiniwini and if you have any of these installed on your device, remove it immediately:
- Fashion Judy: Snow Queen style
- Animal Judy: Persian cat care
- Fashion Judy: Pretty rapper
- Fashion Judy: Teacher style
- Animal Judy: Dragon care
- Chef Judy: Halloween Cookies
- Fashion Judy: Wedding Party
- Animal Judy: Teddy Bear care
- Fashion Judy: Bunny Girl Style
- Fashion Judy: Frozen Princess
- Chef Judy: Triangular Kimbap
- Chef Judy: Udong Maker – Cook
- Fashion Judy: Uniform style
- Animal Judy: Rabbit care
- Fashion Judy: Vampire style
- Animal Judy: Nine-Tailed Fox
- Chef Judy: Jelly Maker – Cook
- Chef Judy: Chicken Maker
- Animal Judy: Sea otter care
- Animal Judy: Elephant care
- Judy’s Happy House
- Chef Judy: Hotdog Maker – Cook
- Chef Judy: Birthday Food Maker
- Fashion Judy: Wedding day
- Fashion Judy: Waitress style
- Chef Judy: Character Lunch
- Chef Judy: Picnic Lunch Maker
- Animal Judy: Rudolph care
- Judy’s Hospital: Pediatrics
- Fashion Judy: Country style
- Animal Judy: Feral Cat care
- Fashion Judy: Twice Style
- Fashion Judy: Myth Style
- Animal Judy: Fennec Fox care
- Animal Judy: Dog care
- Fashion Judy: Couple Style
- Animal Judy: Cat care
- Fashion Judy: Halloween style
- Fashion Judy: EXO Style
- Chef Judy: Dalgona Maker
- Chef Judy: ServiceStation Food
- Judy’s Spa Salon
At least one of these apps was last updated on the Play store in April last year, which means the malicious apps were propagating for more than a year.
Google has now removed all the above-mentioned malicious apps from Play Store, but since Google Bouncer is not sufficient to keep bad apps out of the official store, you have to be very careful about downloading apps.
Ref: thehackernews.com