EXCITING NEWS: TNG WhatsApp Channel is LIVE…
Subscribe for FREE to get LIVE NEWS UPDATE. Click here to subscribe!
Savvy Internet users know not to click on strange links, but malvertising, malicious code, Ks Cleaner hidden within otherwise innocuous advertisements, presents a more pernicious problem, especially for smartphones.
A new malvertising campaign isn’t content to just redirect your web browser to unsafe sites. If you’re using an Android phone, it downloads and installs an Android app that can compromise your entire phone, with no known panacea.
The trap is easy to avoid, but once it’s sprung, it’s sprung for good.
Zscaler ThreatLabZ team, a San Jose, California-based security firm discovered the issue while scouring the Godlike Productions forums, a hotbed of UFO and conspiracy theory activity.
Advertisements on the forum automatically install an Android APK known as ‘kskas.apk’ to users’ phones. The program calls itself ‘Ks Clean’ and promises to clean out Android device.
Once installed, though, it claims that the phone is vulnerable to a security loophole and requires an update to safeguard the device, the update, of course, is in reality another app, and a much more malicious one. This one requires administrative privileges to install, which means that the ‘update’ app can control your phone at the deepest level.
Once installed, the update app takes no interest in either cleaning your system or plugging security gaps. Instead, it plasters your home screen with obnoxious advertisements.
While it doesn’t seem to be anything more malicious than that at the moment, it does communicate to its masters using a fairly complex command-and-control server, and could distribute actual malware if its creator so desired.
What you need to do
The good news is that avoiding the problem is extremely simple, and you may not even be susceptible to it in the first place.
In order for apps from sources other than the Google Play store to be installed, users must go into Security–>Settings and allow apps from “Unknown Sources.” That function is a security risk, and is disabled by default.
Still, if you use third-party app stores (like 1Mobile Market or the Amazon Appstore), you have already enabled Unknown Sources that is!
To disable the feature, check your phone’s settings. Enabling and disabling third-party app installation will be under the Security menu, although that menu’s location may vary depending on your phone.
If you have visited the forum, it means you are already infected.
Uninstalling the app is impossible, since ‘update’ controls the device at an administrative level.
Any attempt to get rid of it forces the phone into a lock screen, and at the time of writing, there’s no way around it.
Your only recourse is to perform a factory reset on the phone, and depending on how much data you have saved on your device, this could range from inconvenient to disastrous.
If you have to keep installing third-party apps, you can still avoid this particular menace by just denying Ks Cleaner or its update permissions when they try to install.
A good Android antivirus program should also catch the app and quarantine it before it has a chance to do any damage.
As for Godlike Productions, Zscaler was unable to find the particular ads that triggered the malicious APK.
Stay safe! To share with your loved ones, hit the share buttons below.