Malicious, unremovable Android adware spreads widely through fake Twitter and Facebook apps
A new type of adware disguised as popular applications such as Twitter, Facebook and Google Now has been discovered. The adware automatically obtains root privileges on the device and installs itself as a system application, so it cannot be deleted. More than 20,000 fake applications containing this adware have been found.
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire | Lookout Blog
According to Lookout, the security company that found the adware, the authors repackage popular applications with the adware code embedded and distribute them as if they were related to the official application. For example, the adware was mixed into an app distributed as the two-step authentication login application for Okta, a service that manages a company's cloud applications.
The type discovered this time is unusual in that it obtains root privileges automatically. If it is installed, data on the device may be accessed or further malware may be installed. Because it is installed as a system application, it also cannot be deleted once installed.
Lookout has discovered more than 20,000 applications carrying the adware that pretend to be official applications such as Twitter, Facebook, Candy Crush, Snapchat and Google Now, in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia. The adware is said to be delivered through third-party app stores, so people who install applications from unofficial app stores other than Google Play should be cautious.
About 71 to 82% of the code in the more than 20,000 apps discovered this time matches three adware families that automatically obtain root privileges and that the company found in the past: "Shuanet", "Kemoge" and "Shedun". Lookout does not know whether the creators are the same, but because the code matches, it is investigating on the assumption that there is some relationship.
Because the adware works in the background, it is difficult for general users to notice that they are infected. If a device is infected, consider taking it to a security expert or replacing it with a new device.
Violent malware that forcibly installs even if the user refuses to install unauthorized application - GIGAZINE