Malicious adware infects 20,000 apps for Androids, almost impossible to eradicate

7 Nov, 2015 15:01

Security researchers have found a new type of Android adware, which can trojanize itself into some of the most popular apps, such as WhatsApp and Facebook. More than 20,000 apps are said to be at risk overall and once embedded, the adware is almost impossible to remove.

The adware advertises itself as legitimate apps that are extremely popular with Android users. These apps can be downloaded from third-party app stores. Many of these apps are fully functional, but they also hide a nasty secret as the adware embeds itself into the operating system.

By creating adverts, it makes money for the adware creators, however, the malware is almost impossible to remove, the tech security firm Lookout Security has discovered. If downloaded, the only way to get rid of the adware is to buy a new device, as even resetting its factory settings will not help.

"Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated," Lookout wrote in a blog post. "This is a new trend for adware and an alarming one at that."

Lookout Security say they have discovered three different families of trojanized adware, which are interconnected. These are known as Shuanet, Kemoge and Shudun and are responsible for more than 20,000 apps being infected with adware.

The hackers have also managed to get their adware into the Okta two-factor authentication enterprise security app. However, they are not looking to obtain any data, rather they are just happy to make money from generating as many adverts as possible, much to the annoyance of the users.

The US, Germany, Russia, Mexico, Jamaica, Brazil, Iran, Sudan, India and Indonesia are the countries that have been most affected by the adware, while experts are saying the best way to keep one’s smartphone safe is to download apps only from Google Play and to avoid any alternative Android app stores.


It appears that antivirus apps have been left alone by the adware, which Lookout says was deliberate by its creators in order not to raise suspicion about its actions. The security firm also said that the developments could be just the tip of the iceberg.

"We believe more families of adware trojanizing popular apps will emerge in the near future and look to dig [their] heels into the reserved file system to avoid being removed," Lookout’s Michael Bentley said on the company’s blog.