- Jul 22, 2014
A malvertising campaign detected on a popular forum is forcibly downloading an Android app on users' devices, which later installs a second app with more intrusive features and which is almost impossible to remove without flashing the user's phone.
Detected by security researchers from Zscaler, this malvertising campaign has so far been spotted only via malicious ads delivered on the GodLike Productions forum, a site that ranks in Alexa's Top 11K most popular websites on the Internet.
Malvertising forcibly downloads app on users' phones
According to researchers, malicious ads displayed on this forum would auto-download an Android APK to users' devices accessing the site from their Android smartphones.
Under normal circumstances, this wouldn't be a problem as users need to manually launch the app to be installed. Unfortunately, not all users know this, and there are plenty of users who wanted to check out what this new app was and installed it.
This app's name is Ks Clean (kskas.apk), and it tries to pass as an Android cleaner app. Installing this app triggers an immediate popup that mimics a security update. Because there's no "cancel" or "close" button, users have no choice but to click "Ok" to dismiss the message.
.....
To prevent being affected by this campaign, Zscaler researchers say users should disable auto-download in all their mobile browsers and turn off the "Unknown Sources" option in the Android Security settings section. This latter option is off by default, but some users and OEMs enable the feature for various reasons.
....