New Android adware hits thousands of apps, can't be removed

More than 20,000 adware samples masqueraded as legitimate apps, like Facebook, Snapchat, and Twitter.
Written by Zack Whittaker, Contributor

Researchers have found a new type of Android malware in thousands of apps that pose as popular titles -- including Facebook, Snapchat, Twitter, and more.

Making matters worse, it's almost impossible to remove, forcing a user to replace their device entirely.

Lookout Security, a mobile security firm, discovered the new so-called "trojanized adware," which puts a new twist on how cybercriminals are generating money.

By taking legitimate apps from the Google Play store, malicious actors repackage them with baked-in adware and serve them to a third-party app store. In many cases, the apps are still fully functional and don't alert the device owner.

It works like this: the user installs an app from a third-party store, and the app auto-roots the device, gaining access to the phone's entire system -- an act that alone punches a hole in Android's security, opening up more ways for hackers to launch their attacks. From there, the app periodically serves ads, which generate money for the attacker.

"Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy," said the company in a blog post.

The good news is that the company said there is no indication that users who install apps from Google Play, Android's official app store, are affected.

The San Francisco, Calif.-based security firm said there exist at least three similar families of Android-based trojanized adware, which serve ads -- Shuanet, Kemoge (known as ShiftyBug), and Shudun (or GhostPush).

"Together, the three are responsible for over 20,000 repackaged apps, including Okta's two-factor authentication app," the researchers wrote.

The big headache, particularly in targeting enterprise apps like Okta, is that these apps may gain access to data they are not supposed to, including sensitive corporate data.

The researchers said the highest detection rates are in the US and Germany, and other high Android market share countries, like Russia, Brazil, and Mexico, adding that they expect trojanized malware to "continue gaining sophistication over time."
