Security researchers have uncovered a new style of Android malware that hides inside of apps that act and look like they’re legitimate services.
Lookout Security described the unsavory practice as “trojanized adware.” Essentially the third-party apps look and function like Google, Facebook, Twitter, WhatsApp, and other popular apps. But once they’re installed, they assign themselves system-level permission and serve up ads throughout the rest of the OS, generating money for the hacker.
It’s a new level of evil genius because the security firm says they’re nearly impossible to uninstall: the best option for those who fall victim is to just ditch out on the device and pick up a new one. The trojanized apps obtain root-level access and install themselves as system apps, so even a factory reset doesn't get rid of them.
The impact on you: While this may sound dire, it confirms our core piece of security advice: stick to the Google Play Store or Amazon App Store and always install the latest Android OS and Play Services updates. The absolute best option is to pick up a new Nexus device, which Google has pledged will get monthly security updates directly from Mountain View. BlackBerry recently made a similar pledge, with Silent Circle (maker of the Black Phone), and a few others jumping on board. So far, Google has been the most aggressive at sticking to the timeline.
The Wild West of Android apps
These miscreants are hiding out in third-party app stores and in software downloaded via the web. They still look and work like regular apps, but then release the trojanized adware into your device with nearly limitless access to key data.
In a blog post outlining the threat, Lookout’s Michael Bentley cautioned against rooting one’s phone, a popular activity by those who like to install custom ROMs and tinker with the way their phone works.
“The act of rooting the device in the first place creates additional security risk for enterprises and individuals alike, as other apps can then get root access to the device, giving them unrestricted access to files outside of their domain. Usually applications are not allowed to access the files created by other applications, however with root access, those limitation are easily bypassed,” he said.
The security firm said there are three similar families of the trojanized adware that serve up the ads: Shuanet, Komage, and Shudun. Together, they’re responsible for over 20,000 different samples of malware.
Such an issue could be a particular headache for enterprise, as the apps with root access would then be able to get their hands on sensitive company data.
However, it reaffirms that unless you really know what you’re doing, you should avoid rooting your phone and venturing out to such uncharted waters. And, again, stick to the Google Play Store and Amazon App Store, where software is tested for malware and digitally signed before being made available.