Malicious Web Ad Infecting Android Phones

Savvy Internet users know not to click on strange links, but malvertising — malicious code hidden within otherwise innocuous advertisements — presents a more pernicious problem.

Credit: Georgejmclittle/Shutterstock

(Image credit: Georgejmclittle/Shutterstock)

A new malvertising campaign isn’t content to just redirect your web browser to unsafe sites. If you're using an Android phone, it downloads and installs an Android app that can compromise your entire phone, with no known panacea. The trap is easy to avoid, but once it’s sprung, it’s sprung for good.

This information comes from the Zscaler ThreatLabZ team, a San Jose, California-based security firm. Zscaler discovered the issue by scouring the Godlike Productions forums, a hotbed of UFO and conspiracy theory activity. For once, the tinfoil-hatted commenters had it right; someone really WAS out to get them, and that someone was a cybercriminal.

What You Need to Do

The good news is that avoiding the problem is extremely simple, and you may not even be susceptible to it in the first place. In order for apps from sources other than the Google Play store to be installed, users must go into Security-->Settings and allow apps from "Unknown Sources." That function is a security risk, and is disabled by default.

Still, if you use third-party app stores (like the Amazon Appstore), you've already enabled Unknown Sources. To disable the feature, check your phone’s settings. Enabling and disabling third-party app installation will be under the Security menu, although that menu's location may vary depending on your phone.

MORE: Best Android Antivirus Software and Apps

Advertisements on the forum automatically installed an Android APK known as "kskas.apk" to users' phones. The program calls itself "Ks Clean" and promises to clean out Android device. Once installed, though, it claims that the phone is vulnerable to a security loophole and requires an update to safeguard the device.

The update, of course, is in reality another app, and a much more malicious one. This one requires administrative privileges to install, which means that the "update" app can control your phone at the deepest level.

A Godline Productions page, surrounded by iffy ads. Credit: Godlike Productions

(Image credit: A Godline Productions page, surrounded by iffy ads. Credit: Godlike Productions)

Once installed, the update app takes no interest in either cleaning your system or plugging security gaps. Instead, it plasters your home screen with obnoxious advertisements. While it doesn’t seem to be anything more malicious than that at the moment, it does communicate to its masters using a fairly complex command-and-control server, and could distribute actual malware if its creator so desired.

Uninstalling the app is impossible, since "update" controls the device at an administrative level. Any attempt to get rid of it forces the phone into a lock screen, and at the time of writing, there's no way around it. Your only recourse is to perform a factory reset on the phone. Depending on how much data you have saved on your device, this could range from inconvenient to disastrous.

If you have to keep installing third-party apps, you can still avoid this particular menace by just denying Ks Cleaner or its update permissions when they try to install. A good Android antivirus program should also catch the app and quarantine it before it has a chance to do any damage.

As for Godlike Productions, Zscaler was unable to find the particular ads that triggered the malicious APK, so they could be gone by now. The truth, as the site’s adherents might say, is out there.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Android Phones
The Find my People feature
Android Find My can now track your friends and family — here's how to use it
Google Pixel 9 Pro in hand
Epic Google sale on Pixel 9 Pro, Pixel Watch and more — 9 deals I’d buy with up to $400 off
samsung galaxy s25 edge mockup at galaxy unpacked
Galaxy S25 Edge is overhyped — I want Samsung to make this phone thinner instead
CAD renderings of the Google Pixel 10 Pro
Latest Google Pixel 10 leak could make you want to skip it altogether
android 16 logo on a samsung galaxy smartphone
One of Apple’s most controversial AI features could be coming to Android phones
Google Pixel 9a render
Google Pixel 9a pre-orders could come with a free Google TV Streamer — what we know
Latest in News
Hacker typing on laptop in darkened room
Hackers create "BRUTED" tool to attack VPNs – how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
(L-R) Mark Eydelshteyn as Vanya and Mikey Madison as Anora "Ani" Mikheeva in "Anora"
Hulu top 10 movies — here's the 3 you need to stream right now
A detail view of a Wilson basketball bearing the March Madness logo
March Madness LIVE: watch and stream NCAA basketball, odds and build-up to First Four
Twisters movie (2024)
Prime Video just added this action-packed thriller with Glen Powell — stream 'Twisters' now
Gemini screenshot image
Gemini just became the ultimate collaborator — everything you need to know about this huge new upgrade