A new Android malware was recently discovered in the wild. That malware automatically roots your device, hides itself in your core directories, and is impossible to remove from some devices.

That frightening new malware was discovered by security firm Lookout, which claimed to have found more than 20,000 samples of the auto-rooting malware in the wild.

To be clear, those 20,000 samples are apps that have been infected with the malware: there are 20,000 apps out there just waiting to infect you with this auto-rooting malware.

After infecting your device, the so-called “Trojanized adware” roots your Android, then installs itself as a system application. This ensures the app is always on your device: you can’t uninstall it, and you can’t even remove it with a factory data reset.
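
A defender's check for the persistence described above, as an added example that is not from Lookout or the original article: it parses the output of `adb shell pm list packages -f -s` and reports packages on a system partition that are missing from a baseline taken from a known-good device of the same model and build. The package names, sample listings, and the baseline approach are assumptions made for illustration.

```python
# Added example: flag system-partition packages absent from a known-good baseline.
# Input is the text printed by `adb shell pm list packages -f -s`.

SYSTEM_PREFIXES = ("/system/", "/product/", "/vendor/", "/system_ext/")


def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': APK paths may themselves contain '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def unexpected_system_packages(device_text, baseline_text):
    """Packages installed on a system partition that the baseline lacks."""
    device = parse_pm_list(device_text)
    baseline = parse_pm_list(baseline_text)
    return sorted(
        (name, path) for name, path in device.items()
        if name not in baseline and path.startswith(SYSTEM_PREFIXES)
    )


# Constructed sample data (package names and paths are made up for illustration).
BASELINE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calculator/Calculator.apk=com.example.calculator
"""
DEVICE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Qx1==/com.example.calculator-9a==/base.apk=com.example.calculator
package:/system/app/SysHelper/SysHelper.apk=com.example.unknown.helper
"""

if __name__ == "__main__":
    for name, path in unexpected_system_packages(DEVICE, BASELINE):
        print(f"not in baseline: {name} ({path})")
```

A package this check reports is not necessarily malicious; it is a candidate for review, since carrier and vendor builds legitimately differ in their preinstalled apps.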

The malware appears to go by a few different names, including Shuanet, Kemoge, ShiftyBug, Shudun, and GhostPush. A few weeks ago, we had only heard about the Kemoge malware. Today, there are a few different variations.

Types of Infected Apps

The Trojanized apps have been identified across the internet (fortunately, they’re not on the Google Play Store).

The apps include copies of popular apps like Snapchat, WhatsApp, Candy Crush, Google Now, and NYTimes.

The apps are designed to look identical to the official apps on the Google Play Store. One missed tap with your finger and you could inadvertently install the auto-rooting malware.

What Happens If You’re Infected?

After the malware installs itself on Android, it grants itself root access.

After gaining root access, the app can break out of its restricted sandbox (which is one of the inherent security features on Android) and then begin to take control of your entire device – including your applications and data.

The ultimate goal of the app is to aggressively display advertisements on infected devices to generate revenue for the attacker.

At this point, that appears to be the only goal of the malware: it’s just a really insanely aggressive form of adware.

Infected Devices Are in the United States, Germany, and Other Parts of the World

This isn’t one of those attacks confined to the developing world: attacks have been spotted all over the world, including the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Indonesia, and Mexico.

How to Avoid this Virus

The adware is virtually impossible to remove from some devices, so your best bet is to wait for a fix delivered via antivirus software in the near future.

If you haven’t yet been infected, make sure you stay away from third party app stores (how many times have you heard that before?).

All of the 20,000 infected apps are found on third party app stores across the internet, so if you’re the type who downloads free premium apps from third party app stores, you should probably stop. Or you might end up with a virus you can never get rid of.
