June 12, 2017 By Douglas Bonderud 2 min read

Android apps are gaining ground. AdWeek noted that of the 17.2 billion mobile apps downloaded in Q1 2016, more than 11 billion were for Google’s operating system (OS). While games remain the top category across both Android and iOS, there’s a growing focus on security.

Users are concerned about the threat posed by third-party apps, malicious emails and mobile ransomware. So it’s no surprise that a new threat known as Ks Clean — malware masquerading as an Android cleaning app — is using dirty tricks to grab device administrative rights.

Saying OK to OS Access

Bleeping Computer explained the new malware, which was first spotted by researchers from security firm Zscaler, hides in compromised ads on the GodLikeProductions website forum. Ads displayed on the forum would automatically download a malicious Android application package (APK) to user devices without any notification.

Clicking on the new app brings up some typical install information and then generates a pop-up that looks like a security update warning. It’s not, but users are only given one choice to close the window: OK.

This allows Ks Clean to download a second file simply called “update,” which asks for admin rights and allows the app to display advertisements at will. Although multiple complaint threads emerged on GodLikeProductions, most were either ignored or deleted, allowing the malware to spread.

Fighting for Android Malware Removal

So far, the scope of this Android malware remains fairly limited, with just over 300 instances detected across the U.K. and U.S., The Register noted. The problem? It’s incredibly persistent.

Here’s why: If users are experiencing large numbers of random pop-up ads, tracking the problem to Ks Clean’s security update isn’t a difficult task, but revoking admin rights is a nightmare. While it’s usually no problem to remove apps from the admin group, this new malware variant leverages a programming trick to freeze user devices every time deletion is attempted, making it impossible to remove without flashing the device.

The Good News

Thankfully, there is a silver lining. This kind of forced-approval infection only works on devices that have auto download enabled in their mobile browsers and have turned on the “Unknown Sources” option in Android security settings, which allows the installation of apps from outside the Play Store ecosystem. Typically, this option is off by default, limiting the risk for most mobile users.

But with rooting and jailbreaking phones becoming more common in a mobile-savvy tech market, there’s a bigger threat here than just terrible ads displayed at random. Imagine the havoc if supposed security updates downloaded sophisticated ransomware that gained admin privileges and was impossible to remove. The small-scale debut of Ks Clean suggested that current infections are effectively test runs rather than full rollouts.

Malicious actors are well aware of the social cachet carried by official security updates. Combined with the dirty trick of no-refuse update warnings, there’s real potential here for admin-enhanced mobile malware that does more than just serve up annoying advertisements.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today