Study: Androids targeted by 20,000 ‘trojanized’ apps

Android users are being targeted by more than 20,000 “trojanized” pieces of adware masquerading as legitimate applications, according to new research.

In research released on Wednesday, mobile security company Lookout says that malware called “Shuanet” is infecting Android devices by posing as popular applications like Facebook, Okta, Twitter, and WhatsApp.

“Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background,” Lookout’s researchers write. “These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.”

“Rooting” a device means that an operator gains privileged control to modify system files, which generally gives them complete control of the device. The cybersecurity firm FireEye reported in October that Android users in more than 20 countries had become infected by malware that originated in China known as “Kemoge.”

Lookout’s researchers noted that the vulnerabilities they discovered could also affect those who own the networks to which victims connect.

“For enterprises, having rooted devices on the network is a concern, especially if those devices were rooted by a repackaged version of a legitimate and popular enterprise app,” the researchers said. “In this rooted state, an everyday victim won’t have the proper interface to control what apps on the phone request root access. The problem here is that these apps may gain access to data they shouldn’t have access to, given their escalated privileges.”

The researchers found that Shuanet was closely related to Kemoge and another piece of malware known as “Shedun,” with variants having “71 percent to 82 percent code similarity.” Additionally, they said, the malware is worth about $2 per installation to the perpetrators.

“Over the past year, Lookout studied Shuanet, along with recently exposed Kemoge and Shuanet, and determined the three adware families are interconnected, with Chinese roots and one common goal: to repackage top apps in Google Play,” they wrote. “All for the purpose of capitalizing on ad dollars, at about $1.90 per app install.”

Android devices are becoming increasingly known for having critical vulnerabilities. Another October study released by researchers from the University of Cambridge found that on average, 87.7 percent of Androids are vulnerable to common exploits.
