A report published by digital forensics experts from Kaspersky details the activity of “Shopper”, a recently detected malicious app. According to this report, the malware hidden in this app has already infected almost 15% of smartphone users in India. The malware was also detected in countries such as Brazil, Russia, among others.
This app was developed to increase the ratings of shopping apps, spread ads and install apps on infected devices without the consent of affected users. In addition, the malware also has the ability to spread misinformation through social networks and other online platforms.
After the app is installed, and the user grants some permissions the malware begins to interact with the system interface and the rest of the installed apps to collect information displayed on the screen, automatically press icons and even imitate some of the victims’ most used gestures, plus Shopper can hide its icon on the apps menu.
The collected information is sent to a hacker-controlled server. As if that weren’t enough, digital forensics experts claim that, after completing the infection, Shopper is able to display ads on the smartphone screen automatically as soon as the user unlocks their device.
Using a remote command, hackers abuse the victim’s Facebook and Google accounts to sign up for shopping websites and entertainment platforms like Dailyhunt, AliExpress, among others and even post reviews on the Play Store on behalf of the affected user. Hackers can also create shortcuts to external websites and even replace legitimate app icons with shortcuts to other sites. Shopper is also able to disable Google Play Protect, a feature to verify the security of apps downloaded from official platforms.
The number of affected users has reached six figures. In the report, Kaspersky’s digital forensics specialists say that, in India there are around 400 million mobile phone users, mostly very unfamiliar with security issues, which facilitates the work of hackers who develop apps such as Shopper in order to trick users and stealing money and confidential information.
The International Institute of Cyber Security (IICS) says India has been the second country with the most victims of cybercrime for at least three years, so it is not surprise that hackers keep targeting this part of the world.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.