20ooo popular applications for Android Phones are infected with the New Auto Rooting Trojanized Adware
Auto-rooting adware is a worrying development in the Android ecosystem in which malware roots the device automatically after the user installs it, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated. This is a new trend for adware and an alarming one at that.
Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.
Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores. Indeed, we believe many of these apps are actually fully-functional, providing their usual services, in addition to the malicious code that roots the device.
Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.
The act of rooting the device in the first place creates additional security risk for enterprises and individuals alike, as other apps can then get root access to the device, giving them unrestricted access to files outside of their domain. Usually applications are not allowed to access the files created by other applications, however with root access, those limitation are easily bypassed.
Kemoge, The latest Android Malware which auto roots the Victim’s Device, has been spreading very fast. How to find out that your device is infected ?
If recently, you have started getting too many ads on your smartphone while running an app, It’s not a usual story. Unfortunately, your phone got a deadly Trojan.
You can simply install a root checker application and see if your device is rooted or no ? If the answer is yes, better be careful and try to go for ” Factory settings “.
For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone. Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy.
While historically, adware hoped to convince the user to install new applications by showing banners and annoying pop ups, now it can install these third party apps without user consent. In this way it can heavily capitalize on the Cost Per Install paid out by web marketing companies.
Source : Reproduced from Lookout for User Education purpose