New ‘impossible to wipe’ malware strands hit Android users

The constant influx of dangerous malware on Android devices should come as no surprise to anyone – but three new strands are causing havoc by making sure users can never delete them.

The new pieces of malware, named Shedun, Shuanet and ShiftyBug have infected over 20,000 apps, many of which are very popular among the Android community, including top apps such as Facebook, Twitter, Candy Crush, WhatsApp, Twitter and NYTimes.

As researchers from Lookout, the mobile security firm which detected the malware, explained, 'malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores.'

> See also: 1 BILLION records of personally identifiable information were leaked in 2014, Android to blame

'Indeed, we believe many of these apps are actually fully-functional, providing their usual services, in addition to the malicious code that roots the device.'

Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user.

In the end, warned Lookout security researcher Michael Bentley, users are left with no other option to remove it other than 'a trip to the store to buy a new phone'.

Craig Young, Security Researcher at Tripwire, gave insight into the fundamental vulnerabilities Android ecosystem and explains what users must do to protect themselves.

'The presence of auto-rooting malware in the Android ecosystem is the direct result of three key factors within the technology,' said Young.

'First is the fact that there is no one central authority for maintaining the software on the multitudes of different Android handsets. This has created vast numbers of out of date devices with known vulnerabilities often published by the Android community to help users remove preloaded carrier apps.'

The second condition is the openness of Android in that users are not limited to apps from a single source, Young explained.

> See also: Why Google should be doing much more to secure Android

'Finally, the ease with which applications can be downloaded, modified, and repackaged for third party app stores made it inevitable that attackers would create trojanised variants of legitimate software.'

'Users should be running antivirus software on their handset, particularly if using some software not originating from the play store.' 

In this case, infected users should contact device manufacturers for instructions on flashing factory firmware to recover, Young added.

Tech Times reporter Vamien McKallin warns that if users want to save themselves from having to buy a whole new device, they must only download apps from the Google Play Store. As it stands there is no way for third-party stores to prevent malware infecting devices.

Despite being notoriously susceptible to security flaws, Android devices remain the top choice for members of the global c-suite, with 52% of sensior business executives using them, according to research released today by CNBC.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics