Translated by
2020/01/14 08:30:23

Fake (fake) reviews and comments

2020: Russians are attacked by the Trojan creating fake responses about applications in Google Play

On January 10, 2020 the Kaspersky Lab company announced detection of the Trojan using which malefactors distribute numerous advertisements and without the knowledge of owners install different applications on their devices and also leave fake comments in Google Play from their name.

According to Kaspersky Lab, most often in December, 2019 the malware which received the name Shopper attacked the Russian users. Their share made 31%. On the second place there was Brazil from 18% of the infected users, and on the third — India from 13%.

The Trojan operates the support service of special opportunities of Google Accessibility Service created with the purpose to facilitate use of applications to physically disabled people. Service, for example, allows to read the text in an applications interface that people who cannot read could hear their contents. However malefactors use its opportunities for interaction with the system interface and applications. Shopper can intercept the data appearing on the screen, to click and even to imitate gestures of the user.

Experts of Kaspersky Lab assume that the Trojan can get on the device from fraudulent advertisements or from third-party app stores in attempt to download allegedly legitimate program. The malware pretends to be the system software, for example services for cleaning and acceleration of operation of the smartphone, and masks under the application with the name ConfigAPKs. The Trojan collects information on the device of the victim and sends it to servers of malefactors, and then receives commands as a result of which execution implementation of the following scenarios is possible:

  • Google - or Facebook accounts of the owner of the device can be used without his permission for registration in applications for shopping or entertainment;
  • fake responses on applications can be created;
  • the Google Play Protect function which checks for security of the application from Google Play shop prior to loading can be switched off;
  • the links received from a remote server in an invisible window can be opened;
  • numerous windows with advertizing can jump out and be created labels for advertisement supplements in the menu of applications;
  • without the knowledge of the owner from Google Play applications can be downloaded and set;
  • labels of installed applications can be changed to labels of advertizing pages.

"As of January, 2020 Shopper is generally aimed at online stores, and its action is limited to advertizing distribution, creation of fake responses and a podtasovyvaniye of ratings, but there are no guarantees that his authors will stop on it and will not modify a malware, adding to it new features. Anyway, we recommend to users to show consideration for from what resources they download applications and, whenever possible, to install the protective solution on the smartphone to minimize risks of infection",

'Igor Golovin, the anti-virus expert of Kaspersky Lab noted'

To reduce risk of infection with similar threats, it is recommended to users:

  • it is attentive to check those programs which ask access to Accessibility Service Google service;
  • not download the application from third-party sources even if they are actively advertized;
  • use the reliable mobile protective solution which is able to distinguish potentially dangerous or doubtful requests from applications and explain the risks connected with different types of permissions.