Lookout – New, Sneaky Android Adware tries to Root Phones

Yet another reason to avoid sites that offer repackaged Android apps …

Android is without doubt the most popular mobile operating system out there. While other mobile systems may be more popular in certain regions, it is Android that is dominating most markets. Security firm Lookout discovered a new form of Android adware recently that goes through great length to make sure it stays on the device it has infected.

The adware comes in form of re-packaged applications that Android users download from third-party stores or other sources that offer Android apk files.

The distribution method has been used before to deploy adware or malicious software on devices, but this type of adware does more than just throw a handful of popup ads in the user’s face every now and then.

It ships with rooting functions, and if successful in rooting the device, will move the app to the system partition.

Since the system partition is unaffected by factory resets, the adware will persist on the device making it even harder, some would say nearly impossible, for end-users to remove it from their system.

Lookout stated that it discovered the adware, dubbed Shuanet, in more than 20,000 popular re-packaged applications including Facebook, Candy Crush, New York Times, Snapchat, Twitter or Whatsapp.

android root malware

These apps function normal for the most part, and the only indicator that something is not right is the occasional ad popup they display on the device.

This is one of the few indicators users get on their device that something is wrong.

Good news, and that is just cold comfort, is that the malicious code is only designed to display adware on the user’s device.

It is at least in theory possible however that different versions of the code will do more than that, for instance steal user data, install additional applications or remote-control the device.

The rooting exploits on the other hand are not new. In fact, they have been patched in newer versions of Android making devices only vulnerable to Shuanet’s root attack if it has not received patches. This can be the case if the manufacturer of the device is not offering them, or if the owner of the device has not installed them on it.

There is another barrier to getting infected. These repackaged applications are not available on Google Play, and like also not on other major application stores.

They are provided as direct apk downloads or in stores that don’t verify ownership or other factors before applications are added to it.

Direct apk downloads or third-party application stores are quite popular for a number of reasons. First, for phones and tablets that don’t ship with Google Play but another application store that may not have certain apps in its inventory.

Then, because of the “dreaded” roll-outs of new apps that Google favors these days. Updates and new applications are not made available to all users at the same time. Instead, they are rolled out gradually which means that some users may have to wait weeks or even months before they get the update or an option to install the app on their device.

It is unclear right now if security applications detect the Shuanet adware. Lookout, the firm that discovered the new strain of adware, has its own Android security application called Lookout for Android.

Link to Original Content

Tags: , , , , ,

Comments are closed.