A recent malicious campaign discovers the delivery of PDF
documents to the users as an attachment through phishing messages in order for
them to download a malicious Android executable file.
The PDFs utilize various ways such as “To open this
document, update the adobe reader” or “To unlock this document press below
button" to grab the user's attention. At the point when the user finally
perform the requested click activity on that document, a malevolent APK
(Android executable) file is downloaded from a link that was present in that
PDF, which further downloads original Adobe Reader.
This malware additionally has the ability to peruse
contacts, read, the browser bookmarks, and key-logging and to inhibit the
background processes.
It distinguishes whether the phone is rooted or non-rooted
and proceeds accordingly at the same time gathering information on the
longitude and latitude data while
tracking SMS notifications and call status'
and then sending the information to the servers controlled by the
attackers.
It is therefore recommended for the users to abstain from
downloading applications from the third-party application stores or links and
other connections given in SMSs or emails. Also to avoid opening mails and
attachments from obscure sources and to dependably keep 'Unknown Sources'
disabled as enabling this option permits the installation certain applications
from obscure sources.
But more importantly, to keep the device OS and mobile
security application always updated in order to protect their privacy.
