What is ‘cosiloon’ malware and how to get Rid of it ?

‘Cosiloon’ is Android malware recently discovered by Avast, it is estimated that the malware was around from about 3 years.

This malware injects an overlay advertisement over web applications (ex. Chrome, playstore).

• It usually comes pre-installed with devices being manufactured by ZTE, Archos etc (majority of these are not certified by Google)
• The adware is found in around 18,000 devices located in more than 100 countries including Russia, Italy, Germany, the UK, as well as in the U.S.
• The malware uses Dropper, making it more dangerous

What is a Dropper

A Dropper is disguises as a genuine part of firmware which is not malware itself, but is used by the author of Malware to drop new payloads or malware

Basically you cannot remove a Dropper without rooting your phone, so antivirus will remove malware but dropper will install new malware again

Dropper can only be disabled in non-rooted phones

How to protect yourself

1. Disable dropper

• Go to Settings > Apps and scroll over to the All tab for a complete list of your apps ( both system and installed apps ) .
• Search for Apps named “CrashService,” “ImeMess” or “Terminal” with generic Android icon
• disable the app simply tap on it and then tap Disable.Once disabled, these apps won’t run in background.

2. Remove malware

• As the malware was first detected by Avast, it is recommended to Download Avast Antivirus to remove malware ( Trial version )
• Or else download freeware Multi-engine scanners like Virustotal or OPSWAT MetaAccess

Sources & Artwork

fonearena.com

securelist.com