Samsung got another issue, now with app S Sugest. Samsung has forgot to renew it’s domain ssugest.com, which is used by S Sugest app. After domain expired, it was registered by Joao Gouveia from Anubis Networks, as informed Motherboard company. After exploding Samsung’s Galaxy Note 7 batteries, it would be another cause, if this domain was registered by hackers. Samsung does not include S Sugest app on it’s Android smartphones since 2014, but it looks like it is still preinstalled on many older Samsung’s Android devices.
S Sugest contacts this mentioned URL, in the last 24 hours were recorded 620 000 000 connections from 2 100 000 devices. Hackers would be able to push malevolent software to Android devices with S Sugest app installed.
Motherboard did not inform, what means installing malevolent software from mentioned domain or which communication protocol is used between domain and S Sugest app. Also, if malevolent apps could be autodownloaded or only offered to download, is uncertain.
S Sugest app got permission to install another apps on device. This does not automatically means, that domain can push malevolent software into affected devices, but you should pay attention.
Another expert Ben Actis said, that this app can install other apps to device, but it is still uncertain, if this claim is based on given permission, as said above, or this app can really download malevolent apps by controlling ssugest.com domain.
Samsung itself said, that “controlling this domain does not allow to install malware or to take control over smartphones”.
But by controlling this domain, hackers would be able to track some aspects of affected users, like IP address.