New Malware Targets Android Phones: Impossible to Remove?

Researchers recently discovered that there is a new kind of Android malware present in thousands of apps. These appear as familiar titles, including Facebook, Twitter and more. The worse news is that these are reportedly close to impossible to remove, which may compel users to fully replace their device.

ZDNet revealed that Lookout Security, a mobile security company, found the new “trojanized adware,” which provides a new take on the manner that unscrupulous individuals are earning cash online. The hackers will take legitimate apps from the Google Play store and then repackage these using baked-in adware. Finally, they will render it to a third-party app store to be availed by users everywhere. The apps are generally functional and can infiltrate user devices without activating any alerts.

When a user avails and installs an app from the third-party store, the app will automatically root and gain access to the entire system of the device. This provides a huge opportunity for malicious actors to attack user information and device contents. The app will serve ads, thereby generating money for hackers.

In a blog post, Lookout Security stated that the adware pieces root the device and establish themselves as system apps, thereby becoming nearly impossible to remove. Victims usually have to replace their device completely to retain their confidentiality and protect their information.

According to Lookout Security, there are at least three of the same families of the Android trojanized adware that serve ads, namely Shudun/GhostPush, Shuanet and Kemoge/Shifty Bug. The three are reportedly responsible for more than 20,000 repackaged apps, including the two-factor authentication app by Okta.

On a positive note, the security firm stated that there is no sign that users who install apps from the Google Play store, are affected. The current issue in targeting enterprise apps like Okta is that there might be access to content that is not supposed to be accessed, such as corporate data. As for Shedun, Shuanet and ShiftyBug pose problems that are difficult for Google to address, since it has no full control over third-party app stores, Apple Insider stated. Legitimate app developers also risk getting defamed, since users may not understand how legitimate-looking software is damaging their devices. Apple, on the other hand, is still blocking attempts to root iPhones, allowing the company to address such problems quickly.

According to the researchers, they detected the highest rates in the United States, Germany, Brazil, Russia and Mexico. They predict that the malware will get more complex over time.