NCERT Issues Advisory on Konfety Group’s Malicious Android Apps

The National Computer Emergency Response Team (nCERT) has warned Android users worldwide of a malicious campaign by the Konfety Group, which targeted users with over 200 counterfeit applications on the Google Play Store.

Dubbed the “Konfety Apps” campaign, the operation leveraged Evil Twin apps designed to mimic legitimate software for financial gain through ad fraud. Although Google has removed the malicious apps, nCERT has outlined preventive and remedial measures to safeguard devices against similar threats.

According to the advisory, the campaign involved modified APKs distributed through advertising channels to trick users into downloading the malicious applications. Once installed, these apps acted as droppers, deploying obfuscated stagers and backdoored software development kits (SDKs) to execute harmful operations. Activities included ad fraud, payload installation, and even second-stage malware deployment, posing significant risks to users’ devices and data.

The advisory highlighted that the Evil Twin apps employ advanced obfuscation techniques, enabling them to evade detection by standard anti-malware tools. Their primary objective is to generate fraudulent clicks and impressions for monetary gain. Additionally, these apps request permissions they do not need, which gives them unauthorized access to sensitive data and weakens device security.

nCERT has outlined several indicators of compromise (IOCs) that users should watch for, including unusual data consumption, slow device performance, random advertisements, and unexpected network traffic. Users are advised to uninstall any apps from the list provided in Annex-A of the advisory. For affected devices, a factory reset is recommended, after backing up personal files only.

To prevent further infections, nCERT urges users to download applications only from official stores like Google Play or Apple’s App Store, regularly update their devices, and limit app permissions to essential functions. Installing reputable security software and monitoring data usage for anomalies are also strongly advised. For compromised devices, a detailed incident response process, including factory resetting and restoring from clean backups, should be followed.

The Konfety campaign underscores the growing sophistication of cyber threats targeting mobile platforms. nCERT has called for increased user awareness about downloading unverified apps and granting unnecessary permissions. The advisory emphasizes adopting multi-factor authentication and timely security updates as part of best practices to mitigate risks in an evolving digital landscape.

Published by
ProPK Staff