Connect with us

Apps

Android Trojan Mimics User Clicks to Download Malware

Published

on

Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute additional malware of the attackers’ choice.

According to ESET’s analysis, the trojan targets devices running Android, including the latest versions. It is distributed via compromised websites, including social media sites. Under the pretense of safety measures, the websites lure users into downloading a fake Adobe Flash Player update. If the victim falls for the legitimate-looking update screen and runs the installation, they have more deceptive screens to look forward to.

How does it work?
The next phony screen pops up following successful installation, claiming “too much consumption of energy” and urging the user to turn on a fake “Saving Battery” mode. Like most malicious pop ups, the message won’t stop appearing until the victim gives in and agrees to enable the service. This opens the Android Accessibility menu, showing a list of services with accessibility functions.

Picture1

Among the legitimate ones, a new service (created by the malware during installation) named “Saving battery” appears. The service then requests permissions to monitor users actions, Retrieve window content and Turn on Explore by Touch – all crucial for future malicious activity, enabling the attacker to mimic the user’s clicks and select anything displayed on users screen.

Picture2

Once the service is enabled, the fake Flash Player icon hides from the user. However, in the background, the malware is busy contacting its C&C server and providing it with information about the attacked device. The server responds with a URL leading to a malicious app of the cybercriminals’ choice – in the detected case, a banking malware (though it could be any malware ranging from adware through spyware, and on to ransomware). After acquiring the malicious link, the compromised device displays a bogus lock screen with no option to close it, covering the ongoing malicious activity beneath it.

Picture3

This is when the permission to mimic the user’s clicks comes in handy – the malware is now free to download, install, execute and activate device administrator rights for additional malware without the user’s consent, all while remaining unseen under the fake lock screen. After the app’s secret shenanigans are done, the overlay screen disappears and the user is able to resume using their mobile device – now compromised by the downloaded malware.

Picture4

Has my device been infected? How do I clean it?
If users think that they might have installed this fake Flash Player update in the past, they can easily verify by checking for ‘Saving Battery’ under Services in the Accessibility menu. If listed under the services, their device may very well be infected. Denying the service its permissions will only bring users back to the first pop up screen and will not get rid of Android/TrojanDownloader.Agent.JI.

To remove the downloader, try manually uninstalling the app from Settings -> Application Manager -> Flash-Player. In some instances, the downloader also requests the user to activate Device administrator rights. If that turns out to be the case and user can’t uninstall the app, deactivate the administrator rights by going to Settings -> Security -> Flash-Player and then proceed with uninstalling.

Even after doing so, the device might still be infected by countless malicious apps installed by the downloader. To make sure the device is clean, ESET recommends using a reputable mobile security app, such as ESET Mobile Security & Antivirus, as a hassle-free way to detect and remove threats.

How to stay safe
To avoid dealing with the consequences of nasty mobile malware, prevention is always the key. Apart from sticking to trustworthy websites, there are a couple more things users can do to stay safe.

If downloading apps or updates on browser, always check the URL address to make sure it’s installing from the intended source. In this particular case, the only safe place to get Adobe Flash Player update is from the official Adobe website.

After running anything installed on a mobile device, pay attention to what permissions and rights it requests. If an app asks for permissions that don’t seem adequate to its function, don’t enable these without double checking.

Last but not least, even if all else fails, a reputable mobile security solution will protect your device from active threats.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Apps

WhatsApp May Be Building a new Communities Feature

Published

on

WhatsApp may be working on a new “communities” feature that allows group admins greater control. With the feature, admins will be able to create separate clusters of people within a group, who are tied to specific activities. For example – some people might be interested in movies, others in music, and group admins can filter them to specific communities.

Group admins can also invite other people into the community by using a link, which can be shared publicly or privately. Another thing to note is that you may not be able to interact with all groups within a community when you join.

The feature was first spotted by XDA Developers and now WABetaInfo has also seen evidence on a recent test build. This means that the feature has not hit Beta channels yet, and is currently being worked on. While unknown at this time, WhatsApp may also ship some advanced tools for group admins when it is released.

WhatsApp will also differentiate Groups from Communities using subtle design cues, like using a square profile image with rounded borders for Communities while maintaining the circular profile image for Groups.

Recently, WhatsApp announced a slew of new features that will roll out on the platform very soon. This includes new Undo buttons while editing images or video, an option to convert stickers into images, a new control bar for videos that use Picture-in-Picture (PIP), an option to enable notifications for reactions, and new privacy settings that gives you more control over your profile and info.

Continue Reading

Apps

MakeMyTrip and Amazon Pay Partner up to Offer Travel Services

Published

on

Amazon Pay and MakeMyTrip India, a fully owned subsidiary of Nasdaq-listed MakeMyTrip Ltd, have announced a strategic partnership offering travel services on Amazon.in on a long-term basis. The booking options will be available across Amazon’s mobile app and website.

The partnership is likely to help Amazon Pay provide value to its customers with access to MakeMyTrip’s travel offerings. Rajesh Magow, co-founder and Group CEO of MakeMyTrip, said, “There is an accelerated digital shift happening as a result of the pandemic and through this partnership, we look forward to making travel bookings extremely convenient for new adopters, thereby increasing the online penetration of travel bookings.”

Mahendra Nerurkar, CEO & VP, Amazon Pay India, added, “Our partnership will benefit our customers, allowing them to choose from the offerings and services across the country, followed with the ease of using Amazon Pay, facilitating a seamless journey.”

MakeMyTrip will be able to expand its distribution via Amazon Pay’s large customer base, especially in smaller cities and towns and accelerate online booking of travel services across the country. Amazon Pay aims at smoothening the booking and travelling experience for customers, extending the convenience of making online transactions from anywhere to anyone instantly.

Amazon Pay which has a co-branded credit card with ICICI Bank will also let customers earn cashback rewards on bookings and with Amazon Pay Later customers can book tickets and pay next month with no interest.

Customers can also use different payment modes on Amazon Pay, including Amazon Pay Balance & Amazon Pay UPI to make their payments frictionless. Booking of bus services via Redbus is already live on Amazon.in and other travel services powered by MakeMyTrip will be going live over the next few months.

India’s online travel services market in is likely to touch $56 billion by 2024 with MakeMyTrip, Airbnb Inc., Cleartrip Pvt. Ltd., and Yatra Online Inc, being the key players in the segment, said Technavio, a technology research firm.

Continue Reading

Apps

Al-Futtaim Launches New Car Subscription Service in the UAE

Published

on

Al-Futtaim has announced the launch of its new car subscription service, MOOV By Al-Futtaim, aimed at providing convenient and sustainable mobility for the growing demand from customers across the UAE. Championing a “your car, your way” approach, MOOV By Al-Futtaim primarily caters to the modern consumer’s ever-changing lifestyle and pursuit of practicality.

Through MOOV By Al-Futtaim, subscribers can tailor a package with flexibility and pricing to suit them, a driving period of one to 18 months, as well as a monthly mileage allowance from 2,000 to 5,000 kms. By taking a short-term and no-commitment subscription, users can access a wide variety of car models and trims, all of which are 100-point checked and delivered straight to their door at no extra charge.

The MOOV By Al-Futtaim portal provides choice, flexibility, affordability, and convenience at the user’s fingertips; its seamless online experience guarantees easy booking, with subscribers enjoying full transparency throughout their journey and a paperless process for convenience and sustainability.

Paul Willis, CEO at Al-Futtaim Automotive said: “Al-Futtaim’s entrepreneurship and relentless customer focus enables us to continue to expand and diversify our mobility offering, responding to our customers’ changing needs. With MOOV By Al-Futtaim, we are at the forefront of this increased industry focus on sustainability and will address the growth in market demand for accessible, sustainable mobility. Automotive is no longer a traditional industry, therefore we are adapting our offering through technology and innovative business concepts to address the new demands of our consumers and ultimately how they use their cars. MOOV By Al-Futtaim is the first of many innovations to come.”

According to market trends data firm Statista, UAE consumers are shying away from big-ticket investments, including cars, in a post-pandemic world. The Method Research has found that, despite declining car prices in 2020-2021, many consumers are still unable to afford or are unwilling to commit to buying a new vehicle. Subscription businesses such as MOOV By Al-Futtaim can provide consumers with value, convenience, and personalised offerings while fostering stability and growth.

“The younger generation’s willingness to commit to buying and leasing a car is low and declining. By offering subscribers a service whereby they can schedule convenient drop-offs and collection, transparent pricing and a secure booking and payment system, MOOV By Al-Futtaim provides the youth with a transparent and 100% paperless platform ensures we are addressing the evolving consumer needs,” Willis concluded.

MOOV By Al-Futtaim also features 24-hour roadside assistance, in addition to maintenance, service, insurance and convenient vehicle replacements. In addition to receiving the vehicle at their doorstep at no extra cost, subscribers have the option of switching to an available car model of their choice throughout their subscription period.

Continue Reading
Advertisement
Advertisement
Advertisement
Advertisement

Latest Reviews

Follow us on Facebook