We recently reported on various studies and stories about Android being vulnerable and various applications being hijacked by malware. It is important to stress that, by taking due care over where you download applications from, you will reduce the risk of an attack on your device. Using authorised market stores like Google Play or Apple iTunes reduces the risk of downloading a compromised application.
Security researchers from Lookout have discovered that around 20,000 applications from third-party marketplaces have been infected by malware, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter and WhatsApp. Lookout has named the malware families ‘Shuanet’, ‘Shiftybug’ and ‘Shedun’. Each family uses known security vulnerabilities in Android to gain top-level root privileges on the device. The malware then installs an ad-display tool as a system application, which cannot be removed even using a factory reset. The adware is installed silently, so users might not be aware that it arrived via an infected app.
Lookout has stated: “Victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.”
“Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user.”
Lookout further highlights that the applications chosen for infection are selected for their popularity in the genuine Google Play marketplace.
“Antivirus apps appear to have been specifically excluded, suggesting a high level of planning when creating these malware campaigns,” Lookout explained, adding that the highest numbers of devices it detected as infected by the three malware families were in the US, followed by Germany, Iran, Russia and India.
“For enterprises, having rooted devices on the network is a concern, especially if those devices were rooted by a repackaged version of a legitimate and popular enterprise app,” Lookout said. “The problem here is that these apps may gain access to data they shouldn’t have access to, given their escalated privileges.”
We’d like to point out: users who download apps exclusively from Google’s Play Store are not affected by the malware.