New Family Of Android Malware Is Almost Impossible To Remove

Saturday, April 16th, 2016

Researchers at San Francisco-based security firm Lookout Inc. have discovered a new family of Android malware that is almost impossible to remove. In a blog post published on its website, the company revealed that malware belonging to this family is often disguised as legitimate apps and is freely available at third-party app stores. Lookout also said that it was able to identify as many as 20,000 samples of this malware in mobile applications. Considering that mobile users often install third-party apps to take advantage of freebies, it is almost certain that millions of Android devices might be infected by these apps.

Lookout has been closely studying three different but related pieces of adware, nicknamed Shuanet, Kemoge and Shedun, over the past year. While Shuanet auto-roots the device on which it is installed and buries itself in the system directory, Kemoge (also known as ShiftyBug) not only roots the device but also installs payload apps. The third, Shedun (also called GhostPush), is very similar to Shuanet and Kemoge and is yet another example of auto-rooting trojan adware.

According to Lookout, this adware is packaged as popular and legitimate apps on third-party app stores. The company detected the malware in repackaged copies of many popular Android apps available for download at third-party app stores, including Facebook, Snapchat, Candy Crush, WhatsApp, Google Now and New York Times. Perhaps the scariest thing about this malware is that it was even discovered in Okta’s two-factor authentication app, which means even other apps relying on this method of authentication were at risk of infection. Although the malware infected Android devices all over the world, most infections were found in the United States, Brazil, Mexico, Germany, India, Russia, Iran, Indonesia, Jamaica and Sudan.

Lookout says that while these apps are made to look and function exactly like the apps they imitate, in reality they embed themselves so deeply into the infected system that they are nearly impossible to remove. Once the malware has infected a device, it starts displaying ads without any restrictions. Unlike other adware, this family of malware works in the background, which means most users aren’t even aware of the infection. Also, since the malware gains root access, it renders the phone vulnerable to other types of attacks. For instance, the trojans may allow other apps to bypass phone security and download files, thereby creating considerable security risks for enterprises and individuals. Lookout says that normal users won’t be able to remove this family of malware on their own and recommends taking infected phones and tablets to security professionals, or considering replacing them altogether.

Since the new family of malware can only be downloaded from third-party app stores, Lookout recommends downloading apps only from the Google Play store. The company has warned that auto-rooting malware is very dangerous and that its use is on the rise. Lookout also predicts that more families of trojan adware that are extremely difficult to remove will emerge in the near future.
