Malvertising Campaign Targeting Android Devices

A malvertising campaign detected on the Godlike Productions forum has been automatically downloading malicious APK files to Android devices used to visit the website. The malicious APK, known as Ks Clean or kskas.apk, masquerades as an Android data cleaning app and exploits the auto-download setting within Android web browsers. If a victim manually launches the downloaded app, it will install itself onto the device and display a pop-up message pretending to be a security update. Victims will not be able to close the pop-up, and pressing “OK” will result in the installation of a second malicious app. The second app will request administrator access to the device and, once that access is granted, the victim will not be able to revoke it. The NJCCIC recommends Android users disable auto-download in every mobile web browser on their devices and turn off the “Unknown Sources” option in their devices’ security settings menu. Already infected devices need to be wiped and restored to factory settings to remove the malware.