Android users have once again another reason to fear for their privacy and security in Google’s operating system after security analysts at Lookout revealed a host of new malware that, according to experts, will be very hard to remove from the ecosystem.
This new malware issue highlights the importance of making sure that the app you download and install in your mobile comes only from trusted sources and not third-party app stores.
Lookout researchers attributed the security problem to the bugs called Shuanet, ShiftyBug and GhostPush. According to the security vendor, the bugs have been responsible for the injection of adware into a great deal of apps and uploaded them to third party sources.
The findings resulted from a thorough examination of about 20,000 apps, some of them popular among Android users. Lookout security experts concluded with certainty that the bugs belonged to the same family after finding a close similarity in their codes.
Popular apps affected by the malware’s repackaging technique include the most widely used apps like Facebook and Twitter, among others, though security apps were excluded from the repackaging scheme for some bizarre reasons.
It is worth pointing out that no new exploit has been used with the malicious, repackaged apps. The culprit, in fact, are some root kits that exploit vulnerabilities in the apps. In other words, the nasty apps are designed to root your mobile device that runs Android and conceals the shenanigan from the phone’s owner.
Note that these malicious apps are not like the usual adware-infected apps whose activities you can easily detect, prompting you to remove them from your device. The malicious apps we are talking about here work in the background, making them extremely difficult to spot on for unsuspecting users.
In addition to the functions the developers intended for the apps to perform, the repackaged apps were injected with codes that do more devastating results to Android users. When a Facebook user, for example, updates his or her status or uploads photo, the malicious apps working in the background steal user information and send it to the attacker’s command and control server, where it will be used for various other malicious activities.
The most dangerous thing about these Android bugs is that users will not be able to remove them from their devices. The only way to avoid being the victim of the malware is to purchase a brand new handset, which will cost a lot.