If you run an online store or shop at one, you should be on the alert: Kaspersky, a global cybersecurity company, recently found a Trojan application that terrorizes online sellers and buyers.
The application, named Trojan Shopper, spreads a number of annoying advertisements and posts fake reviews on popular shopping applications to trick online application users and advertisers.
“The latest Trojan application is able to launch its action by increasing the installation and ranking of popular shopping applications, as well as spreading a number of advertisements that can interfere with users,” Kaspersky malware analyst Igor Golovin was quoted as saying in his statement on Wednesday (1/15/2020).
The highest share of users infected by the Trojan Shopper application from October to November 2019 was in Russia. The number was quite surprising: as many as 28.46% of the users affected by the Shopaholic application were located in that country. Almost one fifth (18.70%) of infections were in Brazil and 14.23% in India.
It is not yet known how this dangerous application spreads, but Kaspersky researchers believe that device owners downloaded it from a fake ad or a third-party app store.
Once downloaded, this application masquerades as a system application and uses a system icon named ConfigAPK to hide itself from the user.
After the screen is unlocked, the application immediately starts collecting information about the victim's device and sends it to the cybercriminals' server. The server then returns the commands for the application to execute.
Depending on the commands from the cybercriminals, this malicious application can do the following:
– Use the Google or Facebook account of the device owner to register on popular shopping and entertainment applications, including AliExpress, Lazada, Zalora, Shein, Joom, Likee, and Alibaba;
– Review applications on Google Play on behalf of the device owner;
– Check whether it has the right to use Accessibility Services. If permission has not been given, it sends the user a phishing request;
– Turn off Google Play Protect, a feature that runs security checks on applications from the Google Play Store before downloading;
– Open a link received from a remote server in an invisible window and hide itself from the application menu after a number of screens have been blocked;
– Show ads when the device screen is unblocked and create labels to spread ads in the application menu;
– Download an application from the Apkpure[.]com ‘market’ and install it;
– Open and download applications that are advertised on Google Play;
– Replace the label of an installed application with the label of the advertised page.
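
A defender-side triage sketch for the behaviours listed above, added here as an example and not taken from Kaspersky or from this article: it flags user-installed packages that hold an Accessibility Service or carry the ConfigAPK label. It assumes the two text inputs come from `adb shell pm list packages -3` and `adb shell settings get secure enabled_accessibility_services`; the label map and every package name are constructed.

```python
# Added triage example; all sample data below is constructed.
SYSTEM_STYLE_LABELS = {"configapk"}  # label the article says the Trojan hides behind


def parse_third_party(pm_output):
    """Package names from `pm list packages -3` (lines like 'package:com.x')."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines()
            if line.startswith("package:")}


def parse_accessibility(setting_value):
    """Package names from the colon-separated 'package/service' component list."""
    value = setting_value.strip()
    if not value or value == "null":  # setting unset: no service enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def triage(pm_output, a11y_setting, labels):
    """Return [(package, [reasons])] for user-installed packages worth a look."""
    a11y = parse_accessibility(a11y_setting)
    findings = []
    for pkg in sorted(parse_third_party(pm_output)):
        reasons = []
        if pkg in a11y:
            reasons.append("user-installed app holds an accessibility service")
        if labels.get(pkg, "").lower() in SYSTEM_STYLE_LABELS:
            reasons.append("user-installed app uses a system-style label")
        if reasons:
            findings.append((pkg, reasons))
    return findings


# Constructed sample inputs (hypothetical package names).
SAMPLE_PM = "package:com.example.notes\npackage:com.example.cfgsvc\npackage:com.example.reader\n"
SAMPLE_A11Y = "com.example.cfgsvc/.Helper:com.example.reader/com.example.reader.TtsService"
SAMPLE_LABELS = {"com.example.notes": "Notes",
                 "com.example.cfgsvc": "ConfigAPK",
                 "com.example.reader": "Reader"}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_LABELS):
        print(pkg, "->", "; ".join(reasons))
```

A package flagged only for holding an accessibility service may be a legitimate assistive app, so each hit is a prompt for review, not a verdict.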