Security experts from Kaspersky Labs have discovered that the Android Trojan called Guerilla can overcome the anti-fraud mechanisms of the Google Play Store.
Guerilla is a major concern for the Android system
Experts from Kaspersky Labs discovered the Android Trojan Guerilla that can overcome the protection measures of the Google Play Store. The malware uses a rogue client application that mimics ordinary human behavior. This allows the malicious developers to execute unlawful advertising campaigns using infected devices. The results of these campaigns lead to the download, installation, and rating of mobile applications published on the Google Play Store platform.
Guerilla can be used in the so-called Shuabang campaigns that are popular in countries like China and India. These types of activities are the fraudulent advertisement that promotes legitimate applications on the Google Play Store by granting them high ratings and comments from users. Criminal tactics include the creation of multiple users or hacking user accounts. The Guerilla Trojan is a very efficient tool in the hackers hands as it can be used to execute large campaigns upon infection of the victim machines. At the current moment, the Android platform doesn’t have advanced security measures that can deal effectively with such threats.
Guerilla is distributed through the Leech rootkit, a malware that gives the attacker privilege access on the victim devices. With permission to tamper with the system files, the hackers can easily access the victim account credentials and infect them with Guerilla.
The security experts note that the criminals are very careful when working with the Trojan to avoid detection by Google. These instructions are issued as a security measure against possible infections:
- Restrict the installation of apps from sources different to official app stores.
- Use proven protection solutions to defend your Android-based device from malware and other cyberthreats.
- Don’t root your Android device.