Saturday, 7 November 2015

New Android adware hits thousands of apps, nearly impossible to remove


Next time you download a popular app to your Android device, make sure you know the source. Lookout, a mobile security firm, has found a widespread and extremely dangerous form of adware that quietly gains root-level access. It gets onto Android devices when users download what they believe is a legitimate app.

Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others. The adware roots the device, exposing it to a host of further attacks.

The attack is straightforward. An attacker downloads a popular, widely used app, say Facebook or WhatsApp, from the Google Play store and injects it with one or more root exploits. The attacker then uploads the modified app to third-party stores. When you download and install the infected app, the root exploit runs in the background and attempts to gain root access on the device.

So far, Lookout has found three distinct forms of this kind of attack: ShiftyBug, Shuanet, and Shedun. They install themselves as system apps and get access to highly privileged system-level processes.

Lookout also says that users may never know the cause of any issues they experience after their devices are infected, because the infected app works correctly most of the time. Even worse, these apps cannot be removed by typical methods: the malware writes itself to protected system storage, meaning that not even wiping the Android device's storage can remove it. This means you will have to seek professional help to remove it or buy a new device entirely.

"Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device," the security firm wrote in a blog post. 

The discovered app infections were concentrated in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia.

The best way to stay safe is to stick to official distribution channels. Android users are advised to download apps from the Google Play Store and to look at the data an app seeks permission for at the time of installation.
