A newly discovered Android malware is nearly impossible to remove. According to security firm Lookout, which discovered it, removal is so difficult that in some cases you might end up losing your smartphone permanently.
Lookout reports that it has found 20,000 samples of trojanized apps: clones of the original apps with harmful code added. Once installed on your phone, these apps automatically root the victim’s device, gain system-level permissions and install customized versions of popular apps like Facebook, Candy Crush, Twitter, WhatsApp and more, with harmful code inside.
The research firm states that although Android usually doesn’t allow apps to access files created by other apps, these limitations can be easily bypassed once the device is rooted. At that point, the malware acts as a superuser and disables all the security features. This is why it becomes nearly impossible to remove the malware from the victim’s phone. Even a factory reset will not help you, as the malware already has root privileges.
“For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone,” wrote Lookout’s Michael Bentley in a blog post. “Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy.”
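A defender's check for the persistence described above, as an added example that is not from Lookout or the original article: it compares a device's `pm list packages -f` output with a known-good listing for the same model and build, and flags apps on system partitions that the baseline lacks. A factory reset wipes only the user data partition, which is why apps placed on the system partition survive it. The package names and both listings are constructed sample data, and having a trustworthy baseline is an assumption.

```python
# Added example: flag system-partition apps that a known-good baseline lacks.
# Input is the text output of `adb shell pm list packages -f`.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")

def parse_pm_list(text):
    """Parse 'package:<apk path>=<package name>' lines into {name: path}."""
    pkgs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=' themselves: split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            pkgs[name] = path
    return pkgs

def unexpected_system_apps(device_listing, baseline_listing):
    """Return (package, path, reason) for system apps absent from the baseline."""
    device = parse_pm_list(device_listing)
    baseline = parse_pm_list(baseline_listing)
    findings = []
    for name, path in sorted(device.items()):
        if not path.startswith(SYSTEM_PREFIXES):
            continue  # lives in /data: a factory reset removes it
        if name not in baseline:
            findings.append((name, path, "not in baseline"))
        elif baseline[name] != path:
            findings.append((name, path, "path differs from baseline"))
    return findings

# Constructed sample listings (hypothetical package names).
BASELINE = """
package:/system/priv-app/Phone/Phone.apk=com.example.phone
package:/system/app/Clock/Clock.apk=com.example.clock
"""
DEVICE = """
package:/system/priv-app/Phone/Phone.apk=com.example.phone
package:/system/app/Clock/Clock.apk=com.example.clock
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.sysupdate
package:/data/app/~~Zm9v==/com.example.game-YmFy==/base.apk=com.example.game
"""

if __name__ == "__main__":
    for name, path, reason in unexpected_system_apps(DEVICE, BASELINE):
        print(f"{name}\t{path}\t{reason}")
```

A finding here means the system image no longer matches the baseline; reflashing a factory image, not a settings-level reset, is what restores that partition.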
Although Lookout researchers believe that this malware is only used to display ads, with root privileges it can do anything its operators want. It can even bypass Android’s default security and see the user’s login credentials, which is not allowed on a normal, non-infected Android device.
Lookout claims that these malware families, named Shedun, Shuanet, and ShiftyBug, have been discovered mostly in the US, India, Russia, Iran, Germany, Sudan, Brazil, Mexico, Indonesia and Jamaica. They are usually downloaded onto victims’ phones via third-party app stores. The good news is that the Google Play Store is currently safe: there is no sign of these trojanized apps in the Play Store.
Currently we don’t know whether these malware families are connected or separate. But as all of them have very similar code, there might be a relation between the three.
To all Android users reading this report: we recommend that you always install apps from the Google Play Store, and make sure the “Unknown Sources” option on the Settings >> Security page is disabled.