New Android malware obtains Root permission to uninstall Security Software
FireEye Labs's security researchers have discovered a Chinese family of Android malware that is rapidly spreading to more than 20 countries around the world. Its Command Control Server (CC) domain name is aps.kemoge.net, therefore, it is named Kemoge. Kemoge repacks valid applications as legitimate applications and uploads them to a third-party app store. Through websites and advertising, once installed, Kemoge collects device information and uploads it to the advertising server, then, they use advertisements to bomb users. Kemoge is annoying at first, but soon it will become evil. The partition is implanted into the system partition/system. After being implanted into a system partition, you cannot erase malicious programs by restoring the device factory settings. The malicious program then contacts aps.kemoge.net to obtain the command, and uploads IMEI, IMSI, storage information, and application installation data to the CC server. The CC server sends back the command to uninstall the security application and popular legal applications. The sample code analyzed by the researchers contains all simplified Chinese characters and found a Chinese developer named Zhang Long.