Chinese-linked Hackers Suspected Of Smartphone Hijacks

A new malicious adware family is quickly spreading across Android mobile devices and China-based cybercriminals are allegedly behind the widespread attack.

A new malicious adware family is quickly spreading across Android mobile devices and China-based cybercriminals are suspected to be behind the widespread attack.

Mobile researchers from cybersecurity firm FireEye released their findings on the new threat, called Kemoge, and its ability to manipulate a complete takeover of a user’s mobile device.

“The infection range is wide with identified victims from more than 20 countries, including governments and large-scale industries,” FireEye researcher Yulong Zhang said in a company blog post today (Oct. 7).

“This malicious adware disguises itself as popular apps via repackaging, so it propagates widely,” Zhang added.

The cybercriminals responsible for Kemonge, believed by FireEye to be written by Chinese developers or controlled by Chinese hackers, are uploading the disguised malware to third-party app stores where they are promoted by download links via websites and in-app ads.

[bctt tweet=”Are Chinese hackers at it again? FireEye discovered a new malware attack possibly originating from the country”]

FireEye confirmed that upon installation Kemoge immediately starts collecting information specific to the device and then uploads the data to an ad server, it then begins broadly distributing infected ads from the background.

Victims have reported seeing an influx of ad banners despite their current activity on the device, with some ads even popping up while the user is on the Android home screen.

Since the malware is said to be quickly spreading on a global scale, FireEye emphasized the significant threat posed to Android device owners.

This is certainly not first time FireEye has identified a major cyberattack originating from China.

Earlier this year the firm traced the roots of the massive attack on the U.S. Office of Personnel Management (OPM) to an unnamed group of Chinese hackers that specialized in stealing “personally identifiable information,” or PII data.

Though the U.S. government has yet to formally identify a responsible party for the OPM attack, which compromised security clearance data of an estimated 21.5 million federal employees and contractors, Senator Harry Reid previously mentioned a Chinese role in the OPM attack on the Senate floor.

The Chinese government, of course, continues to deny all accusations.

“Chinese law prohibits hacking attacks and other such behaviors which damage Internet security,” China’s Foreign Ministry said in a statement earlier this year. “The Chinese government takes resolute strong measures against any kind of hacking attack. We oppose baseless insinuations against China.”

[bctt tweet=”Cybercrime is costing U.S. companies in a major way “]

While there may never be a clear answer on where these types of attacks are coming from, one thing is clear – they are costing impacted companies big time, both financially and in the form of data loss.

According to a recent study by the Ponemon Institute, the average annual cost of cybercrime stands at $15.4 million per large U.S. company, representing a 19 percent jump from $12.7 million a year ago, The Washington Post reported yesterday (Oct. 6).

Over the six years since the Ponemon Institute first started measuring the number in its study, it has increased 82 percent. The measure of the true cost of cybercrime incidents includes the money companies must spend on detection, recovery, investigation and attack-response when cybercrimes take place.

The study found that cybercrime costs across the sample of 58 U.S. companies it surveyed varied drastically, ranging from $1.9 million to $65 million with the overall average rising 22 percent. While the average annual cost of cybercrime on a global scale has swelled 1.9 percent over the last year to $7.7 million.

Andrzej Kawalec, chief technology officer for Hewlett-Packard’s HP Enterprise Security, which sponsored the study, said: “As an industry we’re getting better, but attacks are becoming much more invasive and sophisticated.”