Security in Android has made headlines in recent weeks and today we speak of a sophisticated adware as affecting the platform. The new threat gets root permissions to install them in the system, and show unwanted ads. What could before remove certain applications, it is much harder to do today.
Surely many are familiar with adware, a kind of malicious code that specializes in showing ads on the screen of your device, if those annoying pop language that often never seen before. As you can imagine, this kind of applications and programs are a great nuisance for users, whether plain annoying and see advertising on websites and applications that we agree voluntarily assuming that “cost” much more uncomfortable is to do nothing and have screen full of warnings, but these warnings are not the most dangerous threats on the scale.
The problem is that these threats evolve to attack more users than ever; today we have discovered a very dangerous type of adware, as we read in the press that Lookout has posted on its official blog. To be precise, we are talking about a Trojan capable of root alone, with the aim of taking up the system and complicate deletion.
Entering on technical data, it is a variant of the Shuanet family, specializing in root the device to hide itself in the system directory. It is combined with two other attack vectors Shedun- -ShiftyBug and to be able to root the largest possible number of devices, is integrated as an application of the system once it succeeds, and begins to send ads from any application.
In the cases analyzed Lookout, how to enter the devices has been relatively straightforward: the attackers have changed to 20000 known applications, leaving intact functions for the user does not suspect, and have gone to stores and application repositories alternative. The user downloads thinking it is the original, check which functions as the original, and does not suspect that the same application is being cast which ads you application.
The curious thing is that that although we have the intact device, the application can get root access itself, so slips through the system applications and complicate deleting when we realize. That exploits vulnerabilities for us to do our root devices, exploited by malicious applications to sneak into our system, in other words.
By themselves, the modified applications are not a real danger to our data, although they could be in the near future. It’s just a matter of other threats take advantage of this same technique for root without you knowing, and we could see sophisticated attacks that lose data, or delete them to blackmail us, called ransomware is fashionable in computers.
You are nearly end of this article, therefore we recommend you to read XANDEM, control rooms without cameras, to protect your home and keep connected with us.
The bulk of infected users are concentrated in the US, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia. The recommendations to get rid of this threat are more appropriate for advanced users that walk users: we get root access to delete the “application system” responsible, flash an image of the original factory in the Android device to make new, or even go to buy another as the Lookout own comes to recommending an exaggerated way.
Regarding avoid infection, the tips are much simpler. When installing applications, rely only on Google Play and other reputable app stores, and try to download applications from known developers. That and common sense should keep away from these threats.