This site may earn affiliate commissions from the links on this folio. Terms of utilize.

A new piece of Android malware is reportedly making the rounds in equally many as 20 different countries, and if security firm FireEye is to exist believed, it's quite a nasty bit of code. The exploit, known as Kemoge, was spotted masquerading equally a number of legitimate apps, but upon installation it attempts to gain root access on the device, which could permit an assailant to gain consummate control. It sounds bad, just as usual, the truth is a chip less sensational than they'd have you believe.

Kemoge is a course of malicious adware, co-ordinate to FireEye. Information technology borrows the icons from other apps the encourage a user to trust it. The first hurdle for the malware authors to clear is actually getting users to install the app, which is only possible via a third-party app store. That means the user has to download the APK, allow unknown sources in the security settings, then launch the packet. Not exactly an easy process.

The mode Kemoge functions when deployed on a vulnerable device is actually pretty clever. It copies device information and beams it back to a command and control server first, then information technology starts inserting ads into the UI, which tin pop up in any app or even on the home screen. And then that's annoying, simply what it does next is downright malicious. Kemoge contains as many as 8 exploits, which uses in an attempt to root the device. This could give the attacker full control over an infected phone. If the infected device is rooted, Kemoge immediately uninstalls any antivirus apps it finds. The exception would be Google Play Services, which runs Google's antivirus scans. Information technology's impossible to remove Play Services from a device (even with root) if you lot even so desire annihilation to piece of work.

kemoge

Are yous sufficiently frightened now? What's described above is really the worst case scenario. The adware aspect of Kemoge should work on virtually any device, assuming y'all go to the trouble of manually installing information technology. Nevertheless, the root angle is much less certain. FireEye lists several of the root exploits contained in Kemoge, and they're all quite old. In that location's Motochopper, mempodroid, and a few general Linux kernel vulnerabilities. These are relics from the days when an APK could exist used to root your phone. All modern versions of Android should be patched to protect confronting these flaws. Testing was washed with a Nexus seven running Android iv.3 (software from more than two years ago).

Root exploits are hard to develop on Android these days, just they aren't always designed to be malware. Many Android users want root access for their own use, and that'south where a lot of the exploits used by Kemoge come up from — the enthusiast community. Many devices currently on the market don't even have functional root exploits for people who desire to root their phones, and then information technology's unlikely Kemoge has a magical unreleased exploit that tin root your phone.

Bottom line — the old root methods employed by Kemoge don't work on popular phones or people would be using them to intentionally root their devices. We've reached out to FireEye to get clarification on which versions of Android they've confirmed root admission on and volition update when and if they reply.

Your kickoff line of defense from adware attacks similar this is to simply get your apps from the Play Store or from a trusted source like F-Droid or APK Mirror. When you flip the unknown sources switch, you're instantly less safe.

Update: FireEye got back to use and clarified all the exploits it detected in kemoge are public and several years old (2013 and earlier). They should be patched on all newer phones.