All Apple news

“Unkillable” Android Trojan is installed against the wishes of the users

In the last year been an unprecedented increase in the number of vulnerabilities and viruses on the Android platform, where were found a threat for more than a billion devices, as well as its more modern version. Experts have discovered a new family of viruses — Shedun, Shuanet and ShiftyBug that are nearly impossible to remove. Trojans bypass the protection mechanisms will have administrative rights and go deep into the system and precipitated the user annoying advertising.

Moreover, the malware moves the infected app to the system partition, which allows him to “survive” even in the case of resetting the device to factory settings. In Lookout carefully examined the Trojans and found that a variation Shedun was the most cunning and dangerous.

“Shedun related to the family of adware Trojans, it is much more sophisticated than many people think. Besides getting root access, Shedun operates the function of Accessibility Service, which aims to ensure that people with low vision, alternative methods of interaction with the device with malicious purposes, found Lookout,” he wrote in a blog a company representative Michael Bentley.

Shedun scans installed on Android smartphone apps on the subject of the permissions granted to them to AAC. Next, using the functions of the service, designed for users with physical disabilities, the Trojan reads the text on the screen, automatically scrolls the list of permissions and click on the “Install” button, with no physical user interaction is not required.

Shedun and Shuanet and ShiftyBug penetrate on Android devices under the guise of official apps (Facebook, Snapchat, WhatsApp, Twitter and others), downloaded from third-party stores. Shuanet only infects smartphones, which allow installation of programs from alternative sources.

Infections Shedun, Shuanet and ShiftyBug were identified in Russia, USA, Germany, Iran, India, Jamaica, Sudan, Brazil, Mexico and Indonesia. The experts found one interesting pattern: all three codes are identical malware is about 70-80% and this may indicate that the establishment was engaged the same team of writers.

Leave a Reply

Your email address will not be published. Required fields are marked *