KSKAS Malware Spreads Through Drive-By Downloads

ZScaler has found a new Android malware, bearing an APK file name of KSKAS.apk, that attempts to automatically download itself to users' devices, then seeks administrator permissions to display ads, among other malicious functions. It all begins with a "drive-by download," where a site pushes a download to a device without the device asking for it. While most browsers either save a downloaded file for the user to decide what to do with later or ask the user how to proceed, drive-by downloads of this nature normally begin the APK installation process automatically. The app will present itself as "KS Clean." Denying the installation is enough to stay safe, for the most part, but users who are fooled into installing the app will be greeted by a pop-up on their home screen prompting them to take an update for security reasons. Clicking OK will lead to the installation of a second app, which contains the malicious payload.

Once the second app is installed, it will immediately prompt the user for administrator privileges. If those privileges are granted, the app has all the permissions that it needs to compromise a user's device. On the surface, it just shows the user advertisements in various places. The push for administrator privileges is a jarring hint toward what it may actually be doing in the background, as is a laundry list of suspicious permissions like drawing on top of other apps. ZScaler's researchers dove into the APK file and watched the app in action in an emulator. Behind the scenes, it phones home to a control server and pulls a wide range of information on a user's device. Attempting to disable administrator privileges will simply freeze up the device temporarily.
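The two warning signs named above, a device-administrator request and the draw-over-other-apps permission, can be checked statically before an APK from an unknown source is installed. The following is an added example, not code from ZScaler's analysis; it assumes a manifest already decoded to text XML (for instance with apktool), and the sample manifest and its package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
A = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"        # draw over other apps
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"       # guards admin receivers
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"  # admin activation intent

# Constructed sample manifest; NOT taken from the real KSKAS sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Example Cleaner">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings for overlay and device-admin capabilities in a manifest."""
    root = ET.fromstring(xml_text)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    if OVERLAY in requested:
        findings.append("overlay")
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN
        # that also handles the DEVICE_ADMIN_ENABLED action.
        if rcv.get(A + "permission") == BIND_ADMIN and ADMIN_ACTION in actions:
            findings.append("device-admin:" + rcv.get(A + "name", "?"))
    # Both together in a utility-style app deserves a closer look.
    if "overlay" in findings and len(findings) > 1:
        findings.append("combo")
    return findings

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Either capability has legitimate uses on its own, so the findings are a prompt for manual review rather than a verdict.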

As with most Android malware, one of the biggest points to stress as far as staying safe is to not install anything from outside of the Play Store. If you do install something from outside of the Play Store, make sure you know what it is and that it's coming from a trusted source. This is not foolproof, but it is a good precaution to take. If you don't plan to install anything from outside of the Play Store in the near future, the safest bet is to keep Unknown Sources, the option that allows installs from outside the Play Store, turned off. This prevents drive-by installs. If you do happen to end up victimized by this malware or a similar one, unless you happen to have root privileges and know how to remove the malware at the system level despite the administrator status, your only real recourse is a factory reset. Malware is a fairly common phenomenon on Android; ZScaler's campaign has caught around 300 cases of its software preventing a malware infection in the US and UK alone.

About the Author
Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world.