A new extensive malware campaign could affect many Android smartphones, including in Western markets. The only way to protect yourself is not to use third-party stores.
A new type of Android adware has been discovered that appears to be "virtually impossible to remove." The malware exposes the infected device to dangerous exploits that obtain root permissions, and it can be hidden inside the thousands of counterfeit versions of Twitter, Facebook and Okta available in third-party stores. Once the exploit has taken root on the device, it appears to withstand even the most extreme factory reset procedures, forcing the user to replace the smartphone to get rid of it.
More than 20,000 samples were discovered of applications taken from Google Play, counterfeited with malicious code and then posted on third-party stores. You may not notice the tampering, since in many cases the modified applications offer exactly the same user experience as the original. At least in appearance: secretly, the applications use root exploits to obtain permissions and install themselves with the same privileges as the native services necessary for the proper operation of the device.
"For users, infection with Shedun, Shuanet and ShiftyBug could mean a trip to the store to purchase a new phone," said the security researchers at Lookout, who revealed the existence of the 20,000 fraudulent apps. "Because these forms of adware get root permissions and install themselves as system applications, they become almost impossible to remove, and usually force the victims to replace the device if they want to get it back to its original state."
Visibly, the counterfeit apps do little besides showing banner ads, but because they gain deeper access to the operating system they are able to subvert the security mechanisms built into Android. Google's operating system uses a sandbox, so individual applications cannot access sensitive parts of the device. Unless, of course, they are system services, like the counterfeit apps discovered by Lookout. These can then bypass the sandbox, obtain sensitive information and also modify it.
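A defender-side check for the behavior described above, as an added example that is not part of the original article or of Lookout's research: it parses the output of `adb shell pm list packages -f` and reports packages installed on a system partition that are missing from a known-clean firmware baseline. The baseline set, the sample listing and all `com.example.*` package names are constructed assumptions.

```python
import re

# Partitions whose app directories hold system applications on Android.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/")

# One line of `pm list packages -f`: package:<apk path>=<package name>.
# The path may itself contain '=' (randomized /data/app directories), so the
# greedy path group leaves only the final '=' as the separator.
LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")

# Constructed sample output, not captured from a real device.
SAMPLE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calc/Calc.apk=com.example.calc
package:/data/app/~~Qx1==/com.example.chat-9Zk==/base.apk=com.example.chat
package:/system/app/SysUpd/SysUpd.apk=com.example.sysupd
"""

# Assumed baseline: package names shipped with the clean firmware image,
# taken from a trusted device of the same model and build.
BASELINE = {"com.android.settings", "com.example.calc"}


def parse_listing(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            packages[match.group("name")] = match.group("path")
    return packages


def unexpected_system_apps(listing, baseline):
    """Packages on a system partition that the firmware baseline lacks."""
    found = []
    for name, path in sorted(parse_listing(listing).items()):
        if path.startswith(SYSTEM_PREFIXES) and name not in baseline:
            found.append((name, path))
    return found


if __name__ == "__main__":
    for name, path in unexpected_system_apps(SAMPLE_LISTING, BASELINE):
        print(f"not in firmware baseline: {name} ({path})")
```

A hit is only a lead for further inspection: a baseline taken from a different firmware build will produce false positives, and a listing gathered on an already rooted device can be falsified by the malware itself.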
The malware campaign was carried out selectively, leaving out applications such as security or antivirus apps. Unlike other malware on third-party Android stores, however, the phenomenon is not limited to a few Asian markets. Lookout found that most of the malware detections were made in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia. Italy is not among the most affected countries, but that does not put Italian users out of danger.
Google bears no direct responsibility for what happened, nor can it do much given the open and "free" nature that characterizes Android. The case discovered by Lookout is not entirely new; it is just the latest to underline the risks of using applications downloaded from third-party stores that are not considered safe. There is no evidence of infected applications on the Google Play Store, which currently appears invulnerable to the exploitation described by Lookout.
In many cases, the apps use several different root exploits, developed specifically to root multiple smartphone models. ShiftyBug, for example, uses at least eight, almost all of them the same ones that users apply on their own devices to gain root permissions and bypass some restrictions imposed by carriers and manufacturers.