A Nasty Trojan
Cybersecurity firm Kaspersky has been looking into ‘Shopper’, a new entry in the long history of Trojans. A staggering number of victims has been discovered so far. The largest base of victims was in Russia in October and November of 2019, with 28.46% of online shoppers affected. Next come Brazil and India, where roughly a fifth of all Brazilian users and 14% of Indians were and might still be affected.
Despite the research and the estimates of how many victims the malware has claimed, researchers are not yet sure where it came from. The main suspects are fake ads that prompt a download and third-party app stores.
How Does it Work and What Does it Do?
The newest installment in the family of Trojans, ‘Shopper’ is incredibly annoying, researchers have discovered. It does more than spam product pages with fake reviews: it also pushes an annoying number of ads and can even gain access to social media accounts and emails.
Masking itself as a system application, with a system icon and the name “ConfigAPKs”, this nasty malware can do all sorts of unpleasant damage once it accesses the target system.
One of the worst things ‘Shopper’ does is abuse the accessibility features that let users with disabilities have content read out loud and automate interaction with the interface. Such applications violate the most vulnerable among us and, unless you absolutely need them, should be avoided if you want to be extra safe.
Once the Trojan receives access to apps and after it masks itself so the user won’t detect it, it does a wide variety of dangerous and annoying things – such as tracking keystrokes and gaining access to Facebook and Google accounts, thus allowing it to register on popular shopping apps like AliExpress, Lazada, Shein and others.
Once the registrations are done, it starts bombarding products with fake reviews, and based on the number of victims so far, it’s quite a staggering amount of unreliable information being spread. Among all this mischief is the malware’s ability to turn off Google Play Protect, a built-in protection from Google which scans applications before a user downloads them to check if they’re safe. The ‘Shopper’ also sends phishing requests.
Accessibility Service permissions raise a red flag.
While it’s not the worst malware you can be affected by, Trojans can do a lot of damage in a very short amount of time, potentially forcing you to remake your social media accounts entirely and change all your passwords. With the massive number of infections, staying away from fraudulent ads and third-party app stores is a good choice if you want to stay safe from ‘Shopper.’
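The following Python script is an added example, not code from the original article or from Kaspersky. It parses the output of three adb commands to list apps that have an Accessibility Service enabled, are not system packages, and were not installed from a trusted store. The sample output, the com.example.* package names and the choice of Google Play as the only trusted installer are assumptions.

```python
# Added example. Inputs are the text output of three adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i   and   adb shell pm list packages -s
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_services(raw):
    """Split the colon-separated 'package/ServiceClass' list into (package, service) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # empty or unset when no service is enabled
        return []
    parts = [entry.partition("/") for entry in raw.split(":")]
    return [(pkg, svc) for pkg, _, svc in parts if pkg]

def parse_packages(raw):
    """Map package name -> installer (None when absent or 'null') from 'pm list packages' output."""
    result = {}
    for line in raw.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result

def audit(services_raw, installers_raw, system_raw):
    """Return one finding per non-system app with an accessibility service and an untrusted installer."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    findings = []
    for pkg, svc in parse_services(services_raw):
        installer = installers.get(pkg)
        if pkg not in system and installer not in TRUSTED_INSTALLERS:
            findings.append({"package": pkg, "service": svc,
                             "installer": installer or "unknown/sideloaded"})
    return findings

# Constructed sample output; the com.example.* package names are hypothetical.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.configupdater/.HelperService:com.example.passwords/.FillService")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
                     "package:com.example.configupdater  installer=null\n"
                     "package:com.example.passwords  installer=com.android.vending")
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback"

if __name__ == "__main__":
    print(audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS, SAMPLE_SYSTEM))
```

A finding is a prompt to review the app, not proof of infection: legitimate sideloaded tools will also appear, and the check does not cover an app that was installed into the system partition.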