Menu
Trojanized Android apps flood third-party stores, compromise phones

Trojanized Android apps flood third-party stores, compromise phones

Malicious copies of the most popular Android apps are used to install persistent adware

Attackers are creating rogue versions of popular Android applications that compromise the security of devices and are extremely hard to remove.

Researchers from mobile security firm Lookout have found more than 20,000 samples of such trojanized apps. They're typically fully functional copies of top Android applications like Candy Crush, Facebook, Google Now, NYTimes, Okta, SnapChat, Twitter or WhatsApp, but with malicious code added to them.

The goal of these rogue apps is to aggressively display advertisements on devices. A scary development though is that, unlike traditional adware, they root the devices where they get installed in order to prevent users from removing them.

In the Android world, rooting a device refers to the process of obtaining administrative privileges -- the root account. An application with root access can break out of its restricted sandbox and take control over the entire device, its applications and data.

The good news is that these trojanized applications are mostly distributed through third-party app stores, so they pose no direct threat to users who only download apps from Google Play.

However, there are legitimate reasons for users to use third-party app stores, which often have apps that are not allowed in Google Play because they can't meet the store's various terms. Online gambling and porn apps are two examples.

Lookout recorded the highest number of detections for trojanized applications in countries like the U.S., Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.

The researchers identified three separate families of adware apps that automatically root devices, dubbed Shedun, Shuanet, and ShiftyBug, which they believe could be related.

The attackers behind these threats likely uses automation to repackage the most popular legitimate apps from Google Play and upload them to less-policed, third-party stores. That would explain the large sample count.

"We expect this class of trojanized adware to continue gaining sophistication over time, leveraging its root privilege to further exploit user devices, allow additional malware to gain read or write privileges in the system directory, and better hide evidence of its presence and activities," the researchers said in a blog post.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments