Researchers at Lookout Security have found malware called Shuanet that masquerades as some of the most downloaded apps, such as Facebook, Twitter, and Snapchat.
Android devices are always under attack: from the IQ Testing App infecting millions of users worldwide to gaming apps like Candy Crush and Plants vs Zombies, each one has played its part in infecting users.
Now, according to the security team, there are over 20,000 such apps out there, and the scary part is that once installed, these apps cannot be removed.
Basically, what happens is that legitimate apps from the Google Play Store are re-packaged with “organized adware” and then placed on third-party app stores.
Once the user downloads the app, it serves the user unwanted ads and the scammers make money from them. It is thanks to Google’s slow scanning process for Android that such apps avoid detection by Google Bouncer (pun intended). Google Bouncer is an automatic app testing system that detects inherent security issues of the device.
Some of the infected apps revealed by the researchers include Candy Crush, Facebook, Google Now, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.
The countries most affected by these apps are Brazil, Iran, India, Indonesia, Germany, Jamaica, Mexico, Russia, Sudan and the United States.
Researchers also found that Shuanet has 71% and 82% similarities with the code of GhostPush and Kemoge.
The GhostPush malware comes bundled with Android apps that are available on non-Google app stores. It is capable of compromising a massive number of new devices (more than 600,000) on a daily basis.
The Kemoge malware infected Android users in 20 countries with an aggressive malware program that hammered their Android devices with unwanted advertisements.
What makes these apps much more powerful is that they deliver what the user downloaded: if you download Facebook, you get the same Facebook the app store would provide, but with unwanted ads and bonus malware!
Even if users find out that they have mistakenly installed a malware app, it cannot be removed because these apps are installed as system applications. So, the only way a user can get rid of this type of malware is by throwing away the phone and buying a new one.
“Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy,” Lookout wrote in one of their blog posts.
We at HackRead have always urged users never to download apps from a third-party platform. Always go for Google Play Store and check for the developer’s information before downloading an app.
Source: Lookout (https://blog.lookout.com/blog/2015/11/04/trojanized-adware/)