Virus detected that leaves fake reviews about applications

Kaspersky Lab has detected a virus that attackers use to distribute numerous ads, install various applications on victims' devices without the owners' knowledge, and leave fake reviews on Google Play on the owners' behalf.

In addition, the virus gains access to the Google or Facebook accounts of the device owner and can use them to register for shopping or entertainment apps. This is why the malware is called Shopper.

The virus exploits the Google Accessibility Service, which is designed to make it easier for people with disabilities to use their apps. Attackers use its capabilities to interact with the system interface and applications on the device. Shopper can intercept data that appears on the screen, press buttons and even simulate user gestures.

Kaspersky Lab experts suggest that the virus may reach the device from fraudulent ads or third-party application stores when the user attempts to download a supposedly legitimate program. Shopper pretends to be system software, such as services for cleaning and accelerating smartphones, and disguises itself as an application called ConfigAPKs.
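A defensive audit for the two points above (Accessibility Service abuse and installs from outside Google Play), as an added example that is not from Kaspersky Lab or the original article. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the allowlist, the trusted-installer set and the package `com.example.cleaner` are assumptions constructed for illustration.

```python
# Added example: flag enabled accessibility services that are not allowlisted
# or whose package was not installed by a trusted store.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample device output (not taken from a real infection).
SERVICES = ("com.google.android.marvin.talkback/"
            "com.google.android.marvin.talkback.TalkBackService:"
            "com.example.cleaner/.BoostService")
PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.cleaner  installer=null
"""

def parse_enabled_services(raw):
    # The setting is a colon-separated list of package/class components,
    # or the literal string "null" when no service is enabled.
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if cls.startswith("."):          # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services

def parse_installers(raw):
    # Lines look like: package:<name>  installer=<name or null>
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        value = next((f[10:] for f in fields[1:] if f.startswith("installer=")), None)
        installers[fields[0]] = None if value in (None, "null") else value
    return installers

def audit(services_raw, packages_raw, allowlist):
    installers = parse_installers(packages_raw)
    findings = []
    for package, cls in parse_enabled_services(services_raw):
        reasons = []
        if package not in allowlist:
            reasons.append("not on accessibility allowlist")
        if installers.get(package) not in TRUSTED_INSTALLERS:
            reasons.append("installer=%s" % installers.get(package))
        if reasons:
            findings.append((package, cls, reasons))
    return findings
```
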

Igor Golovin, Kaspersky Lab antivirus expert:

Now Shopper is mainly aimed at online stores, and its action is limited to the spread of advertising, the creation of fake reviews and rating fraud, but there is no guarantee that its authors will stop there and will not modify the malware by adding new features. In any case, we recommend that users pay attention to the resources from which they download applications and, if possible, install a security solution on their smartphone to minimize the risk of infection.

In December 2019, Shopper most often attacked users in Russia, who accounted for 31% of infected users. Brazil came second with 18%, followed by India with 13%.

In the summer of 2019, Kaspersky Lab specialists detected a modified version of FinSpy malware that could collect data from any messenger installed on the device.
