Security researchers have found a new type of Android malware present in thousands of apps that is especially pernicious and nearly impossible to remove once it installs itself.
How the Android malware gets so bad
Over 20,000 apps seem to be infected with a new “trojanized adware,” according to the San Francisco-based security firm Lookout. For the most part, if you have used nothing but the Google Play Store to download your apps, you should be just fine. The problem is, so far without exception, limited to third-party Android app stores.
The miscreant ne'er-do-wells behind this particular malware are taking legitimate, popular everyday apps, including Facebook, Twitter, Candy Crush, NYTimes, Google Now, Snapchat, and WhatsApp, and packaging their trojans inside them before sending them to a third-party store. The bulk of the affected programs still operate with full functionality, making them difficult to detect.
Auto-rooting makes removal near impossible
Once the apps hosting the malware are installed, they auto-root the phone and, for all intents and purposes, now own the device. They essentially gain access to the entirety of the phone’s system and open a door to even nastier attacks. While nearly all your information could be made available to a more advanced hacker, most of these apps are contenting themselves with serving up ads that generate advertising revenue for the person involved.
“Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy,” said the company in a blog post.
Lookout has identified no fewer than three specific families of trojan adware: Shuanet, Shedun (also known as GhostPush) and Kemoge (aka ShiftyBug).
“Together, the three are responsible for over 20,000 repackaged apps, including Okta’s two-factor authentication app,” employees of Lookout have said.
In addition to pushing ads to your phone to thoroughly frustrate you and bring in revenue for the attackers, a small number of these 20,000 affected apps also download and install apps for you to make more money for the attackers.
The U.S., Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia were the worst hit, according to the report.
While again these apps haven’t really hit the Google Play Store yet, the researchers believe that they are only going to get more sophisticated in the future.