The KK Browser application (Trojan downloader) removed from Google Play

Malware analysts from the Doctor Web antivirus laboratory claim that the KK Browser application available on Google Play posed as a browser, spied on users and sent information about the device to a remote server.

"KK is the smallest and fastest browser you've ever seen. With a volume of only 1M, it is able to be started within 0 second," reads the description on Google Play.

KK Browser, detected as Android.Downloader.171.origin, has been downloaded between 100,000 and 500,000 times. It has both adware and spyware features. Once installed on the device, it connects to the C2 server at http://120.**.73.213:80 or http://s.1329***.cc:88 and downloads files specified by the cybercriminals. Depending on whether the phone has root privileges, the Trojan either installs or deletes applications automatically without any notification, or displays an informational prompt if the device is not rooted. In addition, the Trojan displays a fake e-mail notification in the status bar that redirects the user to phishing web sites or to malware for Android.

The information sent to the criminals' server is also of interest. As the vast majority of victims are Chinese and Indonesian, the Trojan scans the device for Chinese anti-virus programs and sends device information (IMEI, screen resolution) along with information about the operating system and installed programs.
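The C2 addresses above are printed only in redacted form, so they cannot be loaded into a blocklist as they stand. The following Python is an added example (not code from Doctor Web or AVLab) that turns the two redacted indicators into patterns and hunts for candidate connections in proxy logs. It assumes that each run of `*` hides 1-3 digits of an IPv4 octet or part of a DNS label, and that log lines have the layout "time client method url"; the function names, log layout and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Redacted indicators exactly as printed in the article: (host, port).
MASKED_C2 = [("120.**.73.213", 80), ("s.1329***.cc", 88)]

def mask_to_regex(masked_host):
    """Assumption: a run of '*' hides 1-3 digits in an IPv4 address,
    or one or more label characters in a DNS name."""
    is_ip = re.fullmatch(r"[0-9.*]+", masked_host) is not None
    wildcard = r"\d{1,3}" if is_ip else r"[a-z0-9-]+"
    parts = re.split(r"(\*+)", masked_host)
    body = "".join(wildcard if p.startswith("*") else re.escape(p) for p in parts)
    return re.compile(body, re.IGNORECASE)

PATTERNS = [(mask_to_regex(host), port) for host, port in MASKED_C2]

def hunt(log_lines):
    """Return (client, url) pairs whose destination fits a redacted indicator.
    A hit is a candidate for review, not proof of infection."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed "time client method url" layout
        client, url = fields[1], fields[3]
        try:
            parts = urlsplit(url)
            host, port = parts.hostname, parts.port
        except ValueError:
            continue  # malformed URL or port
        port = port or {"http": 80, "https": 443}.get(parts.scheme)
        if host and any(rx.fullmatch(host) and port == p for rx, p in PATTERNS):
            hits.append((client, url))
    return hits

# Constructed sample proxy log; hosts and the 999 octet are placeholders.
SAMPLE_LOG = [
    "2000-01-01T10:00:00Z 10.0.0.21 GET http://120.999.73.213/update",
    "2000-01-01T10:00:05Z 10.0.0.21 GET http://s.1329placeholder.cc:88/list",
    "2000-01-01T10:00:09Z 10.0.0.34 GET http://s.1329placeholder.cc/list",
    "2000-01-01T10:00:12Z 10.0.0.34 GET http://120.999.73.213.example.org/",
    "2000-01-01T10:00:15Z 10.0.0.40 GET http://www.example.com/",
]

if __name__ == "__main__":
    for client, url in hunt(SAMPLE_LOG):
        print(client, url)
```

Matching on host and port together keeps the wildcard from flagging the same name on an unrelated port, and the full-string match rejects look-alike hosts that merely contain the pattern.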

Google Play also lists two applications with similar names from KK App Team: SMS KK and KK Cleaner. It is worth being wary of them and simply not installing them.

VT analysis of the Trojan.

The malicious KK Browser application has already been removed from Google Play.
