Connect with us

Apps

Android Trojan Mimics User Clicks to Download Malware

Published

on

Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute additional malware of the attackers’ choice.

According to ESET’s analysis, the trojan targets devices running Android, including the latest versions. It is distributed via compromised websites, including social media sites. Under the pretense of safety measures, the websites lure users into downloading a fake Adobe Flash Player update. If the victim falls for the legitimate-looking update screen and runs the installation, they have more deceptive screens to look forward to.

How does it work?
The next phony screen pops up following successful installation, claiming “too much consumption of energy” and urging the user to turn on a fake “Saving Battery” mode. Like most malicious pop ups, the message won’t stop appearing until the victim gives in and agrees to enable the service. This opens the Android Accessibility menu, showing a list of services with accessibility functions.

Picture1

Among the legitimate ones, a new service (created by the malware during installation) named “Saving battery” appears. The service then requests permissions to monitor users actions, Retrieve window content and Turn on Explore by Touch – all crucial for future malicious activity, enabling the attacker to mimic the user’s clicks and select anything displayed on users screen.

Picture2

Once the service is enabled, the fake Flash Player icon hides from the user. However, in the background, the malware is busy contacting its C&C server and providing it with information about the attacked device. The server responds with a URL leading to a malicious app of the cybercriminals’ choice – in the detected case, a banking malware (though it could be any malware ranging from adware through spyware, and on to ransomware). After acquiring the malicious link, the compromised device displays a bogus lock screen with no option to close it, covering the ongoing malicious activity beneath it.

Picture3

This is when the permission to mimic the user’s clicks comes in handy – the malware is now free to download, install, execute and activate device administrator rights for additional malware without the user’s consent, all while remaining unseen under the fake lock screen. After the app’s secret shenanigans are done, the overlay screen disappears and the user is able to resume using their mobile device – now compromised by the downloaded malware.

Picture4

Has my device been infected? How do I clean it?
If users think that they might have installed this fake Flash Player update in the past, they can easily verify by checking for ‘Saving Battery’ under Services in the Accessibility menu. If listed under the services, their device may very well be infected. Denying the service its permissions will only bring users back to the first pop up screen and will not get rid of Android/TrojanDownloader.Agent.JI.

To remove the downloader, try manually uninstalling the app from Settings -> Application Manager -> Flash-Player. In some instances, the downloader also requests the user to activate Device administrator rights. If that turns out to be the case and user can’t uninstall the app, deactivate the administrator rights by going to Settings -> Security -> Flash-Player and then proceed with uninstalling.

Even after doing so, the device might still be infected by countless malicious apps installed by the downloader. To make sure the device is clean, ESET recommends using a reputable mobile security app, such as ESET Mobile Security & Antivirus, as a hassle-free way to detect and remove threats.

How to stay safe
To avoid dealing with the consequences of nasty mobile malware, prevention is always the key. Apart from sticking to trustworthy websites, there are a couple more things users can do to stay safe.

If downloading apps or updates on browser, always check the URL address to make sure it’s installing from the intended source. In this particular case, the only safe place to get Adobe Flash Player update is from the official Adobe website.

After running anything installed on a mobile device, pay attention to what permissions and rights it requests. If an app asks for permissions that don’t seem adequate to its function, don’t enable these without double checking.

Last but not least, even if all else fails, a reputable mobile security solution will protect your device from active threats.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Apps

WhatsApp Now Transcribes Voice Messages on Android

Published

on

Calling all Android users who dread lengthy voice messages: rejoice! WhatsApp is rolling out voice message transcription to its beta app.

This feature, already available for iOS users since May 2024, is now part of the WhatsApp Beta version 2.24.15.5 for Android. It automatically converts voice messages into text, making it easier and faster to understand conversations.

Currently, transcriptions are supported in five languages: English, Spanish, Portuguese (Brazil), Russian, and Hindi, with more languages promised in the future. Users opting in will need to download an additional data package to ensure all transcripts are generated directly on their devices, maintaining message privacy.

This update brings Android users closer to iOS users in terms of features and highlights WhatsApp’s commitment to improving the overall user experience.

Continue Reading

Apps

WhatsApp Trials AI Image Generator

Published

on

Calling all creative minds! WhatsApp is testing a new feature that uses AI to generate personalized avatars. Imagine yourself as a superhero, chilling on a beach, or even exploring space – the possibilities are endless! WABetaInfo discovered this feature in the latest Android beta update.

Here’s the tech behind the magic: a combo of user images, text descriptions, and Meta’s powerful AI, Llama. “Take photos of yourself once, then imagine yourself in any setting from the forest to outer space,” reads the screenshot on WhatsApp. The way it works is in the Meta AI Chat: users can type “Imagine in…” or “@Meta AI imagine me…” as a text prompt. A user’s likeness will then be used to generate the personalized image.

While there’s no official release date yet, this exciting feature is entirely optional. It joins the recently launched in-app custom sticker maker, showcasing WhatsApp’s commitment to fostering creativity within the app. This, alongside their ongoing development of AI chat functionalities, highlights Meta’s focus on making WhatsApp a platform that embraces both technological innovation and user expression.

Continue Reading

Apps

YouTube’s New Eraser Tool Now Removes Songs Without Ruining Your Videos

Published

on

Good news for creators! YouTube has rolled out a major update to its eraser tool, allowing them to effortlessly remove copyrighted music from their videos without sacrificing other audio elements like dialogue or sound effects.

In a recent video, YouTube acknowledged that the previous version of the tool needed improvement in terms of accuracy. This new iteration addresses that concern by utilizing an AI-powered algorithm that precisely detects and removes unwanted songs while leaving the rest of the audio intact.

However, YouTube’s support page advises creators that the algorithm might not always achieve perfect separation. As an alternative, creators can opt to “Mute all sound in the claimed segments,” effectively silencing any portions potentially containing copyrighted material.

Once the edit is finalized, YouTube automatically removes the content ID claim, a system designed to identify the use of copyrighted material within videos on the platform. This allows creators to proceed with their uploads without copyright concerns.

Continue Reading
Advertisement

Latest Reviews

Follow us on Facebook