Android Security Alert: This Malware Is Nearly Impossible To Remove
By Dan Heilman / Enterprise Security Today
Published: November 06, 2015

San Francisco-based mobile security company Lookout said it has uncovered a new threat to the Android operating system in the form of malware that disguises itself as a variety of well-known apps -- but that actually exposes devices to root attacks and is virtually impossible to remove.

The new malware has been found in software available from third-party app stores. The malware program insinuates itself in legitimate applications such as Twitter, Facebook, Snapchat, Candy Crush, Google Now and WhatsApp. Lookout said it was able to identify and isolate about 20,000 malware samples in mobile applications.

Since the malware-infected versions of the apps have only been discovered in copies from third-party app stores, apps acquired from the Google Play Store should be free from the malware.

Perfect Copy

Most of the infected apps work in exactly the same way as the apps they copy, which means detecting the bad ones -- and therefore knowing which ones to uninstall -- is almost impossible for untrained users. With root access to a phone, the app can download automatically and become ingrained in the phone’s operating system, making it extremely difficult to delete. Once the infected app runs, it pushes ads to the user’s phone.

Unlike previous types of adware that were apparent to all users and easily uninstalled, the new type of adware is dangerous because it works in the background, Lookout said. Because the malware can’t be uninstalled by most users, the company said the primary options for those whose devices have been infected with the malware are either to take their devices to IT professionals or give up and buy new ones.

Lookout said the act of rooting the devices creates additional security risks for enterprises and individuals. Since other apps can get root access to the infected devices, they also get unrestricted access to files outside of their domains. Applications are usually not allowed to access the files created by other applications, but with root access those limitations can be bypassed.

Three Offenders

During the past year, Lookout has studied three related groups of adware: Shuanet, which, like all three groups, auto-roots the device and hides in the system directory; Kemoge, or ShiftyBug, which recently became known for rooting the victim’s device and installing secondary payload apps; and Shedun, also called GhostPush, another example of this trojanized adware. Together, the three are responsible for more than 20,000 repackaged apps, including Okta’s two-factor authentication app.

Antivirus apps appear to have been specifically excluded from the plague of malware, which Lookout said indicates meticulous planning by the creators of the malware campaigns.

The three malware families were most frequently spotted together in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia.

"We believe more families of adware trojanizing popular apps will emerge in the near future and look to dig [their] heels into the reserved file system to avoid being removed," said Lookout’s Michael Bentley on the company’s blog.

Tell Us What You Think
jeff:
Posted: 2016-06-24 @ 6:40pm PT
I have had this issue for 6 months or more and everyone I talked to thought I was crazy. Somehow this virus gets into your home wifi and takes over all devices. Playstation and my PC as well as tablet and roommates' devices are all infected. If anyone knows how to remove this or the contact to someone or a company, I would like to get this resolved.

Jay Cee:
Posted: 2015-11-30 @ 12:53am PT
Will this malware be covered by smartphone insurance? That is, will the smartphone owner be entitled to a replacement smartphone?
