{"id":8714,"date":"2015-11-05T16:27:56","date_gmt":"2015-11-05T20:27:56","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8714"},"modified":"2015-11-05T16:27:56","modified_gmt":"2015-11-05T20:27:56","slug":"newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove\/","title":{"rendered":"Newly discovered adware digs its claws deep into Android, is nearly impossible to remove"},"content":{"rendered":"<p>Security researchers found over 20,000 adware samples hiding in apps that masquerade as Facebook, Twitter, Snapchat, and other popular services.<\/p>\n<p><a href=\"http:\/\/www.pcworld.com\/author\/Derek-Walter\/\" rel=\"author\">Derek Walter<\/a> | <a class=\"author-social\" href=\"https:\/\/twitter.com\/derekwalter\" target=\"_blank\" rel=\"nofollow\">@derekwalter<\/a> | <a href=\"http:\/\/www.pcworld.com\/article\/3002043\/android\/newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove.html\" target=\"_blank\">PCWorld<\/a><\/p>\n<p>Security researchers have uncovered a new style of Android malware that hides inside of apps that act and look like they\u2019re legitimate services.<\/p>\n<p>Lookout Security described the unsavory practice as \u201ctrojanized adware.\u201d Essentially the third-party apps look and function like\u00a0Google, Facebook, Twitter, WhatsApp, and other popular apps. But once they\u2019re installed, they assign themselves system-level permission and serve up ads throughout the rest of the OS, generating money for the hacker.<\/p>\n<p>It\u2019s a new level of evil genius because the security firm says they\u2019re nearly impossible to uninstall: the best option for those who fall victim is to just ditch out on the device and pick up a new one. 
The trojanized apps obtain root-level access and install themselves as system apps, so even a <a href=\"http:\/\/www.greenbot.com\/article\/2458403\/how-to-perform-a-factory-reset-on-your-android-phone-or-tablet.html\" target=\"_blank\">factory reset<\/a> doesn&#8217;t get rid of them.<\/p>\n<p><strong>The impact on you:<\/strong>\u00a0While this may sound dire, it confirms our core piece of security advice: stick to the Google Play Store or Amazon App Store and always install the latest Android OS and Play Services updates. The absolute best option is to pick up a\u00a0<a href=\"http:\/\/www.greenbot.com\/article\/3000533\/smartphones\/nexus-5x-or-nexus-6p-which-one-should-you-buy.html\" target=\"_blank\">new Nexus device<\/a>, which Google has pledged will get monthly security updates directly from Mountain View. BlackBerry recently <a href=\"http:\/\/www.cio.com\/article\/3000831\/google-tries-to-woo-enterprises-with-new-android-for-work-initiatives.html\" target=\"_blank\">made a similar pledge<\/a>, with Silent Circle (maker of the Black Phone), and a few others jumping on board. So far, Google has been the most aggressive at sticking to the timeline.<\/p>\n<h2>The Wild West of Android apps<\/h2>\n<p>These miscreants are hiding out in third-party app stores and in software downloaded via the web. 
They still look and work like regular apps, but then release the trojanized adware into your device with nearly limitless access to key data.<\/p>\n<p>In a <a href=\"https:\/\/blog.lookout.com\/blog\/2015\/11\/04\/trojanized-adware\/\" target=\"_blank\">blog post outlining the threat<\/a>, Lookout\u2019s Michael Bentley cautioned against rooting one\u2019s phone, a popular activity by those who like to install custom ROMs and tinker with the way their phone works.<\/p>\n<p>\u201cThe act of rooting the device in the first place creates additional security risk for enterprises and individuals alike, as other apps can then get root access to the device, giving them unrestricted access to files outside of their domain. Usually applications are not allowed to access the files created by other applications, however with root access, those limitations are easily bypassed,\u201d he said.<\/p>\n<p>The security firm said there are three similar families of the trojanized adware that serve up the ads: Shuanet, Komage, and Shudun. Together, they\u2019re responsible for over 20,000 different samples of malware.<\/p>\n<p>Such an issue could be a particular headache for enterprise, as the apps with root access would then be able to get their hands on sensitive company data.<\/p>\n<p>However, it reaffirms that unless you\u00a0<em>really<\/em> know what you\u2019re doing, you should avoid rooting your phone and venturing out to such uncharted waters. And, again, stick to the Google Play Store and Amazon App Store, where software is tested for malware and digitally signed before being made available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers found over 20,000 adware samples hiding in apps that masquerade as Facebook, Twitter, Snapchat, and other popular services. 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[65,655],"class_list":["post-8714","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-android","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2gy","jetpack-related-posts":[{"id":7656,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/26\/the-harmful-code-recently-found-on-lenovo-machines-is-now-surfacing-in-other-apps\/","url_meta":{"origin":8714,"position":0},"title":"The harmful code recently found on Lenovo machines is now surfacing in other apps","author":"NCCT","date":"February 26, 2015","format":false,"excerpt":"As we previously reported, Lenovo apparently pre-loaded a number of its machines with Superfish adware along with other malicious code. 
The appearance of the potentially harmful software was not only shocking to many, but also prompted researchers to look around to see if the adware (or similar code) made it\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6833,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/11\/12\/ios-security-hole-allows-attackers-to-poison-already-installed-iphone-apps\/","url_meta":{"origin":8714,"position":1},"title":"iOS security hole allows attackers to poison already installed iPhone apps","author":"NCCT","date":"November 12, 2014","format":false,"excerpt":"Security researchers have warned of a security hole in Apple's iOS devices that could allow attackers to replace legitimate apps with booby-trapped ones, an exploit that could expose passwords, e-mails, or other sensitive user data. The \"Masque\" attack, as described by researchers from security firm FireEye, relies on enterprise provisioning\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":3197,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/malware-hijacks-mobile-ad-networks-to-siphon-money\/","url_meta":{"origin":8714,"position":2},"title":"Malware hijacks mobile ad networks to siphon money","author":"NCCT","date":"August 19, 
2013","format":false,"excerpt":"Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims. The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8976,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/07\/15\/this-android-trojan-blocks-victims-from-alerting-banks\/","url_meta":{"origin":8714,"position":3},"title":"This Android Trojan blocks victims from alerting banks","author":"NCCT","date":"July 15, 2016","format":false,"excerpt":"By Michael Kan | PCWorld A new Trojan that can steal your payment data will also try to stymie you from alerting your bank. Security vendor Symantec has noticed a \u201ccall-barring\u201d function within newer versions of the Android.Fakebank.B malware family. 
By including this function, a hacker can delay the user\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6309,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/26\/android-attack-improves-timing-allows-data-theft\/","url_meta":{"origin":8714,"position":4},"title":"Android attack improves timing, allows data theft","author":"NCCT","date":"August 26, 2014","format":false,"excerpt":"A malicious application could enable the theft of login credentials, sensitive images, and other data from Android smartphones by making use of a newly discovered information-leakage weakness in the operating system, according to a team of researchers from the University of Michigan and the University of California at Riverside. The\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":8714,"position":5},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. 
The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8714"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8714\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}