Vicious malware that forcibly installs unauthorized applications even if the user refuses the installation


The previously discovered unremovable malware families "Shuanet", "Kemoge (Shifty Bug)" and "Shedun" have a function that automatically installs unauthorized applications, and it has now been found that they can carry out the installation without permission even if the user refuses to install the unauthorized application. Security experts assess this malware as so bad that "it is wise to replace the smartphone in the end if infected."

Trojanized adware family abuses accessibility service to install whatever apps it wants | Lookout Blog

This Android malware is so bad, you might be better off buying a new phone

Many kinds of malicious software have appeared so far, such as malware that steals bank account numbers and ransomware that threatens "Pay up if you want your data back", but the malware itself could always be removed. However, the security company Lookout found that the three malware families "Shedun", "Shuanet" and "Shifty Bug" cannot be removed even by factory resetting the device.

Vicious, unremovable Android adware spreading widely through fake Twitter and Facebook apps - GIGAZINE

Once this malware infects a device, it obtains root privileges and embeds itself as a system-level service. It then intrudes into popular applications such as Facebook, Twitter and WhatsApp. Even if you uninstall and reinstall those applications, the malware appears to remain with most of its functionality intact.

These malware families install adware that displays pop-up advertisements, and install other malware, without the user's permission. It has also been pointed out that they are dangerous in terms of both security and privacy, since the malware can gain unauthorized system-level access.

It has now turned out that this malware can carry out an installation on its own even if the user refuses to install the application. The following video shows a device infected with Shedun performing the installation automatically even after the user closes the installer of the unauthorized application.

Shedun taking advantage of accessibility service - YouTube

Install screen of the "DollarMobi" application. To install it, you tap "Install Now" at the bottom of the screen.

The user, having decided not to install it, taps the "x" on the screen to dismiss the installer screen...

Yet for some reason "Start to download apps (DollarMobi)" is displayed.

The download completes and the application installation screen appears. Of course, the user has not touched anything.

Accompanied by an eerie "crispy" sound, the consent text on the screen scrolls downward until the prompt asking whether to allow the installation appears. Pressing "Cancel" would cancel the installation; pressing "Install" would carry it out.

The installation starts without giving the user time to select "Cancel".

Installation complete.

"DollarMobi" application launched.

These malware families are spreading through third-party app stores other than the Google Play store, and it has already been confirmed that they are hidden in more than 20,000 applications. According to Lookout, infections have been found in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia. For Android smartphone users, the conclusion is that avoiding third-party app stores and using only the Google Play store is the best prevention.

in Mobile, Software, Video, Posted by darkhorse_log