As winter sales hit the stores, both the users and brands need to be wary. Shoppers rely heavily on reviews, while retailers increase their promotion and advertising budgets during this period.
Kaspersky researches have detected a new Trojan application which terrorises users with unsolicited advertisements and boosts popular shopping app ratings and installations of online shopping applications – fooling both users and advertisers. This malicious app visits smartphone app stores, downloads and launches applications, and leaves fake reviews, while being unnoticed by the device owner.
The Trojan, dubbed ‘Shopper’ came to the attention of the Kaspersky researchers following its extensive obfuscation and use of the Google Accessibility Service which enables users to set a voice to read out app content and automate interaction with the user interface -designed to aid the less abled.
The malware can gain unlimited opportunities to interact with the system interface and applications once it gains access to use the service by masking itself as a system application and uses the system icon named ConfigAPKs. It can capture data featured on the screen, press buttons and even emulate user gestures.
After the screen is unlocked, the app launches, gathers information about the victim’s device and sends it to the attacker’s servers. The server then returns the commands for the application to execute.
The highest share of users infected from October to November 2019 was in Russia, with a staggering 28.46 percent of all users affected by the shopaholic app. Almost 18.7 percent of infections were in Brazil and 14.23 percent in India.
No one can guarantee that the creators of this malware will not change their payload to something else. For now, the focus is on retail, but the capabilities of this malware can enable attackers to spread fake information via users’ social media accounts and other platforms. For example, it could automatically share videos containing whatever the operators behind Shopper would want on personal pages of users accounts and just flood the Internet with unreliable information.
To reduce the risk of infection by malware threats, users should be aware of the apps that use the Accessibility Service, always check application permissions, do not install apps from untrusted sources and use reliable mobile security solution.