Adware Programs Pose as Popular Apps, Root Android Devices
Mobile security firm Lookout detected thousands of samples of malicious adware masquerading as legitimate applications, but which root victims' systems to reap a few dollars in ad revenue.Over the last year, a trio of pernicious Android adware programs have been posing as popular apps and then been taking complete control of the devices on which they run, according to report from mobile security firm Lookout. The three adware programs—known as Shedun, Shuanet and ShiftyBug—are interconnected families whose developers appear to share code. While adware—and other potentially unwanted programs—are known hazards for Android users, these latest programs have become much more malicious, masquerading as popular apps—such as Candy Crush and Facebook. When the program is run, it installs the app but also takes control of the device and installs adware. In the past year, the adware programs have accounted for 20,000 malware samples, each repackaging a different, but legitimate, app, according to Lookout. Anyone who installs the apps will quickly find their device rooted, Michael Bentley, Lookout's head of research and response, told eWEEK. "About 30 seconds after you install what seems to be a popular app, the application installs components into the system directory," Bentley said. "Other apps do not have access to remove code from the system directory, so the malware now has persistence on the victim's device."
While many potentially unwanted applications, such as adware, target the Android platform, most do not try to gain control of the device. Removing the run-of-the-mill unwanted programs is not too difficult, Lookout said, but the three new programs identified are much harder to remove, requiring technical knowledge.