New malware writes fake reviews in Amazon & Play Store using your Facebook account

A report published by digital forensics experts from Kaspersky details the activity of “Shopper”, a recently detected malicious app. According to this report, the malware hidden in this app has already infected almost 15% of smartphone users in India. The malware was also detected in countries such as Brazil, Russia, among others.

This app was developed to increase the ratings of shopping apps, spread ads and install apps on infected devices without the consent of affected users. In addition, the malware also has the ability to spread misinformation through social networks and other online platforms.

After the app is installed, and the user grants some permissions the malware begins to interact with the system interface and the rest of the installed apps to collect information displayed on the screen, automatically press icons and even imitate some of the victims’ most used gestures, plus Shopper can hide its icon on the apps menu.

The collected information is sent to a hacker-controlled server. As if that weren’t enough, digital forensics experts claim that, after completing the infection, Shopper is able to display ads on the smartphone screen automatically as soon as the user unlocks their device.

Using a remote command, hackers abuse the victim’s Facebook and Google accounts to sign up for shopping websites and entertainment platforms like Dailyhunt, AliExpress, among others and even post reviews on the Play Store on behalf of the affected user. Hackers can also create shortcuts to external websites and even replace legitimate app icons with shortcuts to other sites. Shopper is also able to disable Google Play Protect, a feature to verify the security of apps downloaded from official platforms.

The number of affected users has reached six figures. In the report, Kaspersky’s digital forensics specialists say that, in India there are around 400 million mobile phone users, mostly very unfamiliar with security issues, which facilitates the work of hackers who develop apps such as Shopper in order to trick users and stealing money and confidential information.

The International Institute of Cyber Security (IICS) says India has been the second country with the most victims of cybercrime for at least three years, so it is not surprise that hackers keep targeting this part of the world.