This malware has been spotted spreading quickly worldwide, and it allows the complete compromise and takeover of the targeted Android device. The malware has turned up in countries such as the U.S., China, Singapore, Indonesia, Russia, England, and France.
Popular applications that have been repackaged with Kemoge include:
Other adult applications.
On the initial launch of the adware, Kemoge collects device information and uploads it to the server. It then starts serving ads from the background, which appear all the time, even on the home screen. After that, Kemoge delivers a .zip payload to the device, which is encrypted multiple times and made to look like an .mp4 file. After gaining persistent root, it embeds itself further into the system under names similar to the launcher service or to other services such as the ones from Facebook or Google.
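A payload disguised this way can be flagged by checking what the leading bytes of a file named .mp4 actually are. The following is an added example, not code from the original article or from any Kemoge analysis; the function names, the 7.5 bits/byte threshold and the sample bytes are constructed assumptions.

```python
import hashlib
import math
import struct

ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def has_mp4_header(data: bytes) -> bool:
    """A real MP4 opens with a box: 4-byte big-endian size, then type 'ftyp'."""
    if len(data) < 16 or data[4:8] != b"ftyp":
        return False
    (size,) = struct.unpack(">I", data[:4])
    # ftyp must at least hold a major brand and a minor version (16 bytes total).
    return 16 <= size <= len(data)

def triage_claimed_mp4(data: bytes, threshold: float = 7.5) -> str:
    """Classify the first few KB of a file whose name ends in .mp4."""
    if has_mp4_header(data):
        return "mp4"
    if data.startswith(ZIP_MAGICS):
        return "zip-renamed"          # plain archive with a media extension
    if shannon_entropy(data) >= threshold:
        return "opaque-high-entropy"  # no container header, looks encrypted
    return "mismatch"                 # not media, not obviously encrypted

def constructed_samples() -> dict:
    """Constructed inputs, not real malware or real media files."""
    mp4 = struct.pack(">I", 24) + b"ftypisom" + b"\x00\x00\x02\x00" + b"isommp41"
    # Deterministic pseudo-random bytes standing in for an encrypted payload.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return {
        "clip.mp4": mp4 + b"\x00" * 64,
        "renamed.mp4": b"PK\x03\x04" + b"\x00" * 64,
        "payload.mp4": blob,
        "notes.mp4": b"hello world " * 100,
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name}: {triage_claimed_mp4(data)}")
```

The entropy check is only meaningful on a sample of a few kilobytes or more, and it runs after the header check because genuine video data is itself high-entropy.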
To avoid malware:
- Never click on suspicious links from emails/SMS/websites/advertisements.
- Don’t install apps from outside the official app store.
- Keep Android devices updated to avoid being rooted by publicly known bugs. (Upgrading to the latest version of the OS will provide some security, but it does not guarantee that you will remain protected.)