New Android virus: Can root any phone and cannot be deleted

[[155228]]

Beijing time, November 6th morning news, mobile security company Lookout Security discovered a new type of "Trojan adware", indicating that cyber criminals are exploring new ways to generate revenue.

Researchers have found the malware in thousands of Android apps, implanting it into popular apps like Facebook, Snapchat and Twitter to trick users. Worse still, the malware is nearly impossible to remove, forcing users to completely replace their devices.

Cybercriminals first obtain legitimate apps from the Google Play Store, then repackage them, insert adware into them, and upload them to third-party app stores. In many cases, these apps remain fully functional and do not alert the device owner.

The general pattern is as follows: a user installs an app from a third-party app store, which automatically roots the entire phone system, like poking a hole in the Android security system, opening up more attack channels for hackers. From then on, the app will regularly display ads, generating revenue for the attacker.

"Because these adware root the device and install themselves as system apps, they are almost impossible to remove, often forcing victims to completely replace their devices," Lookout Security said in a blog post. The good news is that users who install apps through Google Play, Google's official app store, are not affected by this.

The company also said that there are at least three similar Trojan adware, including Shuanet, Kemoge (ShiftyBug) and Shudun (GhostPush).

"The three adware strains collectively uploaded 20,000 repackaged apps, including Okta's two-step verification app," the researchers wrote.

The most troublesome thing is that these apps may obtain information they don't want to access, including sensitive corporate data.

Researchers said that the countries most affected by this software are the United States and Germany, and Russia, Brazil and Mexico have also been affected to a certain extent. The scope of impact is expected to expand further.