A dangerous new Android malware is making the rounds this week. The “Kemoge” Android malware is downloaded from third-party app stores and websites and gains root access privileges to your device instantly.
The frightening new malware was discussed this past Wednesday in a post on FireEye.com. Researchers at FireEye claimed that the app works like this:
How Does Kemoge Work?
- Kemoge is installed when you inadvertently download it from third-party websites. The malware uses well-known app icons to disguise itself as popular apps, such as icons for free versions of premium Android apps.
- After you install the app, it immediately begins to exploit as many as eight different Android vulnerabilities. These vulnerabilities allow the app to gain root access privileges.
- After gaining root, the app launches code libraries that mimic legitimate Android services, tricking your phone into treating them as legitimate processes. It uses names such as com.facebook.qdservice.rp.provider and com.android.provider.setting. By mimicking these processes, Kemoge gets a permanent foothold on your phone.
- Surprisingly, the malware also contains code that uninstalls antivirus software, including the legitimate Lookout antivirus app. Although Lookout does not yet detect Kemoge, the malware likely uninstalls Lookout in anticipation of future updates that will.
- Once the app has lodged itself on your device, it contacts various command servers. These servers can instruct your phone to perform various malicious functions.
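The behaviour described above gives a defender two cheap things to check on a suspect device: the service names the write-up attributes to Kemoge, and any user-installed package that did not come from the Play Store. The script below is an added example written for this post (it is not code from the original article or from FireEye). It assumes the output format of `adb shell pm list packages -i` (`package:NAME  installer=INSTALLER`, with `installer=null` when nothing is recorded) and of `pm list packages -s` (system packages), and it runs on a constructed sample rather than a live device. Because Kemoge installs itself into /system, known names are flagged whether or not the package is a system package, while the "not from the Play Store" check is limited to non-system packages so that ROM-bundled apps do not drown the result in noise.

```python
"""Triage an Android package list for signs of a Kemoge-style sideloaded rootkit.

Added example for this post; not the article's or FireEye's code.
Inputs are the text of `adb shell pm list packages -i` and
`adb shell pm list packages -s`, supplied here as constructed samples.
"""
import re
from dataclasses import dataclass

# Package names the FireEye write-up says Kemoge uses to pose as system services.
KEMOGE_NAMES = {
    "com.facebook.qdservice.rp.provider",
    "com.android.provider.setting",
}

# com.android.vending is the Play Store's real package name; anything else
# (including installer=null, which pm reports for sideloads) is untrusted here.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Matches one line of `pm list packages -i` output.
PM_I_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")

REASON_KNOWN = "known Kemoge service name"
REASON_SIDELOAD = "sideloaded (not from Play Store)"


@dataclass
class Finding:
    package: str
    installer: str
    reason: str


def parse_pm_line(line):
    """Return (package, installer) for a `pm list packages -i` line, else None."""
    m = PM_I_RE.match(line.strip())
    if not m:
        return None
    return m.group("pkg"), m.group("inst")


def parse_system_list(pm_s_output):
    """Return the set of package names from `pm list packages -s` output."""
    pkgs = set()
    for line in pm_s_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            pkgs.add(line[len("package:"):].strip())
    return pkgs


def triage(pm_i_output, pm_s_output):
    """Flag known Kemoge names anywhere, and untrusted installers on non-system apps."""
    system_pkgs = parse_system_list(pm_s_output)
    findings = []
    for line in pm_i_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None:
            continue  # skip blank lines and anything that is not a package entry
        pkg, inst = parsed
        if pkg in KEMOGE_NAMES:
            findings.append(Finding(pkg, inst, REASON_KNOWN))
        elif pkg not in system_pkgs and inst not in TRUSTED_INSTALLERS:
            findings.append(Finding(pkg, inst, REASON_SIDELOAD))
    return findings


# Constructed sample output (not captured from a real device).
SAMPLE_PM_I = """\
package:com.android.vending  installer=null
package:com.example.flashlight  installer=com.android.vending
package:com.facebook.qdservice.rp.provider  installer=null
package:com.example.sideloaded  installer=null
package:com.android.provider.setting  installer=null
"""

SAMPLE_PM_S = """\
package:com.android.vending
package:com.facebook.qdservice.rp.provider
package:com.android.provider.setting
"""


if __name__ == "__main__":
    # On a real device, feed in: adb shell pm list packages -i / pm list packages -s
    for f in triage(SAMPLE_PM_I, SAMPLE_PM_S):
        print(f"{f.package:45s} installer={f.installer:20s} {f.reason}")
```

On the constructed sample the script reports the two Kemoge service names plus the one sideloaded app, and stays quiet about the Play Store itself and the app that was installed through it. A match on a known name is only as good as the indicator list, so treat it as a reason to pull the APK for analysis, not as proof by itself.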
How to Avoid the Kemoge Malware
Avoiding the Kemoge malware is easy: don’t download apps from outside the Google Play Store.
I don’t know how many times we have to explain this before people start realizing how important it is. Unless you’re 100% sure of the source of your download, and 100% trust the app’s author or the website, don’t download apps from outside the Google Play Store.
The Play Store has countless built-in security measures that make it the most secure app store in the mobile world today. When you download from outside the Play Store, you miss out on all of those security measures. Don’t do it.
How to Get Rid of this Malware
With most bad Android viruses, you can simply do a factory wipe to get rid of it.
Unfortunately, that’s not the case with the Kemoge malware. A factory wipe only removes user-specific data in /data and leaves the /system partition intact. Because the root exploit modifies /system, a factory wipe doesn’t help you.
The best way to get rid of Kemoge is to reflash your phone. However, even this is not a 100% certain way to get rid of the malware. It may still survive a reflash. At this point, however, it’s your only option for getting rid of Kemoge.