
New Android auto-rooting adware that’s virtually impossible to uninstall.

Researchers at the security firm Lookout have uncovered a new type of Android adware that’s virtually impossible to uninstall. The malware in question is a type of Trojan adware called Shuanet, which masquerades as 20,000 different popular apps, including Facebook, Snapchat, Twitter, NYTimes, WhatsApp, Okta’s two-factor authentication app and more. The adware doesn’t just display ads, though: it also attempts to root any device it is installed on, allowing the malware to survive factory resets.


The researchers have found more than 20,000 samples of trojanized apps that repackage the code or other features found in official apps available in Google Play and are then posted to third-party markets. These apps appear to function normally after being installed, so the user might not even realize anything is wrong. Just a few annoying popup ads, but such is the price we pay for living in a connected world, right?


Behind the scenes, however, the apps use powerful exploits that gain root access to the Android operating system. The exploits, found in three app families known as Shedun, Shuanet, and ShiftyBug, allow the trojanized apps to install themselves as system applications, a highly privileged status that’s usually reserved only for operating system-level processes. Making matters worse, the adware is almost impossible to remove, forcing a user to replace their device entirely.


The Lookout researchers said the apps appear to do little more than display ads, but given their system-level status and root privileges, they have the ability to subvert key security mechanisms built into Android. Shuanet certainly tries to root any Android device it is installed on, but according to Lookout, it’s not using any new secret system vulnerabilities. It’s simply a package of older community-developed exploits that enthusiast users install to gain root access for their own enjoyment.

If Shuanet successfully roots a phone, it moves the infected app to the system partition, which means it will survive a factory reset. The only way to remove it would be to use a root-enabled file explorer to find and remove the package. That would be tough if you didn’t know which app was the source of the infection.

Lookout is seeing the highest number of detections in the US, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.
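One way to narrow down which package on the system partition is the unexpected one, as an added example that is not from Lookout or the original article: compare the output of `adb shell pm list packages -f` with the package names recorded from a known-good device of the same model and build. The baseline set, the function names and the sample listing below are constructed for illustration, and only `/system` paths are checked because that is the partition the article describes.

```python
# Added example: flag apps on the system partition that a known-good baseline lacks.
# Input is the text output of `adb shell pm list packages -f`, one line per app:
#   package:<apk path>=<package name>
SYSTEM_PREFIXES = ("/system/app/", "/system/priv-app/")


def parse_pm_list(text):
    """Return (apk_path, package_name) pairs from `pm list packages -f` output."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and unrelated adb output
        body = line[len("package:"):]
        # Newer Android install paths can contain '=' themselves,
        # so the package name is whatever follows the LAST '='.
        path, sep, name = body.rpartition("=")
        if sep and path and name:
            entries.append((path, name))
    return entries


def unexpected_system_apps(listing, baseline):
    """Packages installed under /system whose names are absent from the baseline."""
    hits = []
    for path, name in parse_pm_list(listing):
        if path.startswith(SYSTEM_PREFIXES) and name not in baseline:
            hits.append((name, path))
    return sorted(hits)


# Constructed sample data (hypothetical package names and paths).
SAMPLE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calendar/Calendar.apk=com.android.calendar
package:/system/app/FunGame/FunGame.apk=com.example.fungame
package:/data/app/~~Qx1==/com.example.chat-Zk2==/base.apk=com.example.chat
"""
# Assumption: package names captured from a clean device of the same build.
SAMPLE_BASELINE = {"com.android.settings", "com.android.calendar"}

if __name__ == "__main__":
    for name, path in unexpected_system_apps(SAMPLE_LISTING, SAMPLE_BASELINE):
        print(f"not in baseline: {name} ({path})")
```

A hit is a lead, not a verdict: a legitimate OTA update can add system apps, so the baseline has to come from the same build as the device being checked.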

The good news is that the company said there is no indication that users who install apps from Google Play, Android’s official app store, are affected. It’s still very hard to get infected with Shuanet. You’d have to disable installation protection, ignore the Google security warnings and then manually install one of these apps from a shady third-party app store instead of simply getting it from Google Play. So think before you download any app from any third-party app store.

About Prasenjeet Kumar

I am the founder and author of this blog. I am a software engineer and worked as a freelancer for 7 years. I am a tech enthusiast and like to write on the latest topics about technology, gadgets, mobiles and tablets, etc.
