Affiliate links on Android Authority may earn us a commission.Learn more.
Malicious Android adware campaign tries to exploit root access
August 09, 2025
After theStagefrightfiasco I’m sure that the last thing you want to hear about right now are more Android security issues. ButFireEyeresearchers have discovered an aggressive adware campaign, which they have dubbed Kemoge, that is targeting Android devices in more than 20 countries.
Kemoge apparently doesn’t stop there though, the apps then attempt to exploit eight common Android root methods in order to secure themselves deep into and to take over the system. It’s not clear how successful these exploits are, but if achieved, common processes such as com.facebook.qdservice.rp.provider are imitated to make adware removal much tougher and it even attempts to uninstall some antivirus software suites from devices.
FireEye did spot one example of an app signed by the same developer certificate as an app from Google Play, but it didn’t contain any malicious code and has since been removed by Google. There’s no evidence to suggest that this adware campaign is affecting legitimate app services, so users who are careful about what they download should remain unaffected.
This is yet another reminder that legitimate stores are the safest place to download your Android apps. You can read the ins and outs about how the adware works in the source link below.
Thank you for being part of our community. Read ourComment Policybefore posting.
