New Android adware hits thousands of apps, can't be removed

However, looking at the distribution portion of the command and control server, it appears that these families programmatically repackage thousands of popular apps from first-tier app stores like Google Play and its localized equivalents'.

But not only do they look identical to the real apps on third-party stores, they typically function as standard apps as well.

Despite the large quantity of shared code, Lookout doesn't believe the three adware families are created and ran by one single group.

Lookout has found over 20,000 legit apps being disguised as the trojanized adware, and includes big name apps such as "Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others". Periodically from there, the app will serve ads, which generates money for the attacker. It then obtains system-level access and begins injecting advertisements into as much on-screen content as it can find, making its creators a few serious money in the process.

This can let a hacker gain access to sensitive data about the user.

The repackaged apps are highly functional, but serve ads directed by the governing infection's preferences rather than the app's native ones.

Mobile security researchers at Lookout have coined the term of "trojanized adware" to describe the most recent wave of adware that's been discovered in the Android ecosystem, adware that uses various exploits to install itself as root on infected devices.

The security firm says that there's no indication yet that any repackaged app made it to the Google Play Store, Google does have a strict checking mechanism in place to protect against such apps, so if you want to make sure your device doesn't catch this malware simply stick to downloading applications from the Google Play Store. Lookout found three major strains, dubbed Shedun, Kemoge (which Lookout refer to as ShiftyBug) and Shaunet.

It works like this: the user installs an app from a third-party store, and the app auto-roots gaining access to the entire phone's system - an act alone that punches a hole in Android's security, opening up more ways for hackers to launch their attacks.

The researchers said the highest detection rates are in the U.S. and Germany, and other high Android market share countries, like Russian Federation, Brazil, and Mexico, adding that they expect trojanized malware to "continue gaining sophistication over time".


Popular
  • Stefon Diggs sets an all-time record

    Spartans snubbed in initial playoff rankings

    The Truth Behind Guy Fawkes Night

  • Health Care Reform Could Trigger More Malpractice Lawsuits

    Yuvraj Singh reacts to wedding rumours with Hazel Keech

  • South Sudan cargo plane not authorised to carry passengers

    The best is yet to come from Harry Kane

    You can now sign up to try out Cortana on iOS

  • Taiwan says meeting with China's Xi to further normalise cross-strait ties

    FDA Approves New Treatment for HIV

    NYT Forms Committee To Name Successor To Publisher Arthur Sulzberger Jr


CONNECT