New Malicious Adware from China, 'Kemoge,' Discovered Attacking Android Devices

A new malicious adware, allegedly from China and dubbed "Kemoge," has been discovered attacking Android devices in over 20 countries around the world.

Researchers from American security firm FireEye Labs have recently pinpointed a new type of malicious adware bundled in repackaged apps available from third-party stores, which attacks by completely taking over the devices it infects.

Named "Kemoge" after the command and control server to which it was originally traced, the adware is believed to have been "written by Chinese developers or controlled by Chinese hackers," and is currently being spread across Android devices on a global scale, representing a significant threat to mobile security.

"Kemoge" hackers upload infected popular apps to third-party app stores and promote these apps via ad networks that themselves infect users' devices when they are installed online.

FireEye named some of the repackaged apps, which include Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, ShareIt, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer, and Light Browser.

The infected ad networks immediately access and gain root privileges in an infected device, and automatically install malware. Aggressively collecting the device's information, "Kemoge" then uploads it to a server where it begins to serve ads that choke the infected device's home screen.

"Kemoge" also uploads a multiple-encrypted .zip file made to look like an .mp4 file, which then decrypts and unloads eight root exploits, which further infiltrate the device's system, transmitting installed app info, storage info, IMSI, and IMEI to the remote server of

The server then sends commands for "Kemoge" to uninstall the infected device's anti-virus apps, as well as launch, download, or install apps that can be used to further attack the device.

FireEye issued warnings to Android device users not to click on suspicious links, whether from SMS, emails, ads, or websites, or install apps not found in official app stores. Users should also keep their devices updated, and upgrade to the latest OS version for their device to provide some measure of security.

According to FireEye, the server currently remains up and running.
