New Android Trojan Kills Play Protect And Places Fake App Reviews From Infected Devices

A new Android Trojan now threatens smartphone users. The Shopper.a Android Trojan kills Play Protect and lets the attackers place fake app reviews from infected devices.

About Android Trojan Shopper.a

Reportedly, researchers from Kaspersky Labs have discovered a new malware that targets Android users. Identified as Shopper.a, this Android Trojan exhibits a high level of maliciousness and different functionalities. The most unique being the ability to boost app reviews.

Elaborating on their findings in a blog post, the researchers stated that the cybercriminals are using this Trojan-Dropper.AndroidOS.Shopper.a to place fake app reviews and increase the number of installations. Certainly, a feature to lure advertisers by boosting app reputation.

Other than boosting the app’s ratings, the malware is also capable of executing other functionalities. Upon reaching a device, the trojan masks itself as a system app named ‘ConfigAPKs’ to trick the user.

Whereas, in the background, the trojan continues its malicious activities. This includes exploiting the Android Accessibility Service for providing limitless possibilities for abusing the target devices.

As stated by the researchers,

The lack of installation rights from third-party sources is no obstacle to the Trojan — it gives itself the requisite permissions through AccessibilityService… With permission to use it, the malware has almost limitless possibilities for interacting with the system interface and apps. For instance, it can intercept data displayed on the screen, click buttons, and emulate user gestures.

The malware can kill Google Play Protect, install apps, show ads, post fake reviews to the apps, and can register the target users to various apps via their Google or Facebook accounts.

Malware Already In The Wild

The researchers observed active Shopper.a campaigns in the wild. Though, the malware predominantly disseminated in Russia, particularly during October-November 2019. It also targeted users in Brazil and India as well.

Source: Kaspersky Lab

Like always, Android users must remain vigilant while installing apps. Make sure to review the permissions an app requires, check the relevancy of reviews to the app functionalities, and never download apps from third-party sources.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients