Android Devices Face Extreme Risk—Says FireEye

9 years ago

China-based company reportedly behind attack that can potentially take over Android devices

FireEye has recently discovered a rapidly spreading malicious adware family that allows for complete takeover of an Android user’s device. The attack was created by a mobile app promotion company called NGE Mobi/Xinyinhe that claims to be valued at more than USD 100 million, with offices in China and Singapore.

This malicious adware uses novel techniques to maintain persistence and obfuscate its activity, including installing system-level services, modifying the recovery script executed on boot, and even tricking the user into enabling automatic app installation. The distribution of over 300 malicious, illegitimate versions of Android apps has been observed, including Amazon, Memory Booster, Clean Master, PopBird, YTD Video Downloader, and Flashlight. So far, the infection range is wide: victims in more than 26 countries across four continents have been infected. The malicious adware has infected 20 different versions of Android, from 2.3.4 to 5.1.1, which covers almost all versions of Android.

This is a worldwide, high-severity attack, likely controlled by a Chinese organization. To safeguard themselves, users are advised never to click on suspicious links from emails, SMS, websites, or advertisements, and never to install apps from outside the official app store. Keeping Android devices up to date also provides some protection.