
Ewind

Posted: May 27, 2020

Ewind is a widely spread Android adware family that targets almost exclusively users in the Russian region. What is interesting about this adware is the method its author has chosen to spread it: apparently, they download legitimate applications from the Google Play Store, decompile them, add Ewind's code, and then repack them before uploading them to application stores popular in Russia. So far, this strategy has been employed to create fake but working copies of popular Android games and applications like Minecraft, Vkontakte, Opera Mobile, GTA Vice City, etc.

The primary purpose of the Ewind adware is to inject advertisements that will be displayed on the user's smartphone or tablet – however, the code of the adware reveals that it also may support additional features such as hijacking text messages or collecting information about the device. Cybersecurity experts have determined that the authors of the Ewind adware could potentially take control over the infected device if they wish to.

Ewind Adware Uses Legitimate Decoy Applications

When a program laced with the Ewind adware is first opened, it will prompt the user to grant it admin permissions by stating that it needs them to operate reliably. However, it is important to add that Ewind does not need admin privileges to display advertisements – it is not yet clear why the adware demands to have escalated privileges. Another typical trait of Ewind is that it focuses on displaying advertisements related to financial services and applications – for example, it frequently promotes various cryptocurrency wallets.

Ewind can be configured to retrieve specific text messages automatically – it is able to filter incoming SMS messages by checking the contents for specific strings or by looking for a particular phone number. If a match is found, Ewind can extract the text message's contents and transfer them to the attacker's server. This could be used to bypass two-factor authentication, but, thankfully, there is no confirmation that Ewind's author has used this feature yet.
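As an added example (not part of the original write-up and not code from any vendor), the Python below compares the decoded manifest of a genuine build with a suspect copy of the same application and reports the capabilities described above that appear only in the copy: SMS permissions, a device-admin receiver and an SMS broadcast receiver. Both manifests, the package name and the class names are constructed for illustration; the permission and action strings are standard Android identifiers.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifests (decoded XML); package and class names are made up.
GENUINE = f"""<manifest {NS} package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""
SUSPECT = f"""<manifest {NS} package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><activity android:name=".MainActivity"/>
    <receiver android:name="com.example.added.AdminReceiver" android:permission="{ADMIN_PERM}">
      <intent-filter><action android:name="{ADMIN_ACTION}"/></intent-filter></receiver>
    <receiver android:name="com.example.added.SmsReceiver">
      <intent-filter><action android:name="{SMS_ACTION}"/></intent-filter></receiver>
  </application>
</manifest>"""

def profile(manifest_xml):
    """Return (permissions, device-admin receivers, SMS receivers) of a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    admin, sms = set(), set()
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if rcv.get(A + "permission") == ADMIN_PERM or ADMIN_ACTION in actions:
            admin.add(rcv.get(A + "name"))
        if SMS_ACTION in actions:
            sms.add(rcv.get(A + "name"))
    return perms, admin, sms

def repack_findings(genuine_xml, suspect_xml):
    """List SMS and device-admin capabilities present only in the suspect copy."""
    g_perms, g_admin, g_sms = profile(genuine_xml)
    s_perms, s_admin, s_sms = profile(suspect_xml)
    findings = [("added-sms-permission", p) for p in sorted((s_perms - g_perms) & SMS_PERMS)]
    findings += [("added-device-admin-receiver", n) for n in sorted(s_admin - g_admin)]
    findings += [("added-sms-receiver", n) for n in sorted(s_sms - g_sms)]
    return findings

if __name__ == "__main__":
    for kind, detail in repack_findings(GENUINE, SUSPECT):
        print(kind, detail)
```

A finding here means only that the copy differs from the reference build in a way that matches the behaviour described; the reference manifest must come from a build whose origin is trusted.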

It is clear that Ewind is a sophisticated piece of adware that may eventually go beyond what typical adware does. It is recommended to keep your device protected by using an up-to-date Android anti-virus utility, as well as only downloading Android applications hosted on trustworthy sources.
