A China-based mobile app promotion company reportedly created an adware attack that takes total control over victims’ Android devices.
FireEye reported that NGE Mobi/Xinyinhe launched the adware campaign, which involves more than 300 illegitimate, malicious apps, to guarantee downloads of apps the company is paid to promote.
Infections span more than 26 countries and 308 phone models. The adware relies on repackaged popular apps that contain malicious logic and ad components, FireEye stated in a blog post. Once installed on a victim’s device, the adware exchanges the compromised device’s information with its remote servers to ultimately take control.
After gaining root privilege, the adware then downloads and installs a browser app that serves adult content to the victims, further exposing them to possible attacks.