Menu
Trojanized Android apps flood third-party stores, compromise phones

Trojanized Android apps flood third-party stores, compromise phones

Malicious copies of the most popular Android apps are used to install persistent adware

Attackers are creating rogue versions of popular Android applications that compromise the security of devices and are extremely hard to remove.

Researchers from mobile security firm Lookout have found more than 20,000 samples of such trojanized apps. They're typically fully functional copies of top Android applications like Candy Crush, Facebook, Google Now, NYTimes, Okta, SnapChat, Twitter or WhatsApp, but with malicious code added to them.

The goal of these rogue apps is to aggressively display advertisements on devices. A scary development though is that, unlike traditional adware, they root the devices where they get installed in order to prevent users from removing them.

In the Android world, rooting a device refers to the process of obtaining administrative privileges -- the root account. An application with root access can break out of its restricted sandbox and take control over the entire device, its applications and data.

The good news is that these trojanized applications are mostly distributed through third-party app stores, so they pose no direct threat to users who only download apps from Google Play.

However, there are legitimate reasons for users to use third-party app stores, which often have apps that are not allowed in Google Play because they can't meet the store's various terms. Online gambling and porn apps are two examples.

Lookout recorded the highest number of detections for trojanized applications in countries like the U.S., Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.

The researchers identified three separate families of adware apps that automatically root devices, dubbed Shedun, Shuanet, and ShiftyBug, which they believe could be related.

The attackers behind these threats likely uses automation to repackage the most popular legitimate apps from Google Play and upload them to less-policed, third-party stores. That would explain the large sample count.

"We expect this class of trojanized adware to continue gaining sophistication over time, leveraging its root privilege to further exploit user devices, allow additional malware to gain read or write privileges in the system directory, and better hide evidence of its presence and activities," the researchers said in a blog post.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments