Skip to main content
  1. Home
  2. Mobile
  3. Android
  4. News

Watch out! This Android malware melds to your OS, and is near impossible to delete

Andy Boxall
By

history of malware android
Security company Lookout is warning Android device owners about a new type of malware app, which not only secretly roots your phone, but also installs itself as a system application — making it extremely difficult to remove. How difficult? If you’re not technically inclined enough to entirely replace the ROM, then a brand-new phone may be the easiest way to escape its clutches.

Lookout refers to the virus as trojanized adware, and it’s hiding inside apps that appear to be legitimate versions of very popular apps, including Facebook, Twitter, Candy Crush, NYTimes, Google Now, Snapchat, and WhatsApp. The company has even seen compromised versions of two-step authentication app Okta.

However, before you start desperately trying to uninstall those apps from your phone, the malware-infected versions aren’t the originals, and have only been discovered in third-party app stores, not Google Play. If you’ve only been playing inside Google’s store, then you should be fine.

The infected apps are very clever. Lookout has detected 20,000 examples, and most work in exactly the same way as the apps they copy, making it more difficult for you to detect and therefore, less likely to try and uninstall it. With root access to your phone, the app becomes ingrained in the OS, which is how it becomes almost impossible to delete. Once up and running, ads will be pushed to your phone, and worse, apps can be downloaded and installed without your consent. Why? Because delivering ads and installing apps make the attackers money.

Apps infected with the trojans — known as Shuanet, Kemoge/ShiftyBug, and Shedun/GhostPush — have been discovered in many parts of the world, with the U.S, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia being the worst hit, according to the report. Lookout warns this type of adware attack will only get more sophisticated, and make better use of root access to a phone, over time.

If you’ve been downloading apps from Android app stores other than Google Play (Amazon is probably safe too), and are worried you may have fallen victim to the trojanized adware, there’s a sure way to find out. Remember, the infected apps almost certainly cannot be uninstalled. If you can drag and uninstall the app, chances are it’s fine. Lookout doesn’t provide a complete list of apps that have been targeted by the malware, but does say it’s popular “first-tier” apps that are repackaged and sent out.

Editors' Recommendations

Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
iOS 16’s infuriating copy-and-paste permission pop-up is being fixed
The iPhone 14 laying on top of a succulent. It's showing the Home Screen.
Spellcheckers in Google Chrome could expose your passwords
Office computer with login asking for password and username.
iPhone Flip: what we know about Apple’s foldable plan
Apple iPhone Flip prototype.
Google Chromecast tips and tricks to make you a master caster
Apple TV app on Chromecast with Google TV
I want to love the iPhone 14 Pro’s Dynamic Island, but I can’t
Dynamic Island in Telegram.
Satellite connectivity on iPhone 14 is great, but its future is far more exciting
Communications satellite in Earth orbit.
How to use the Galaxy Z Fold 4’s massive screen without losing your mind
Samsung Galaxy Z Fold 4.
Best Phone Deals: Save on Google Pixel 6, Galaxy S22 Ultra
Galaxy S22 Ultra and iPhone 13 Pro cameras seen from the back.
Does the iPhone 14 have a 120Hz display?
Someone holding an iPhone 14, showing the Lock Screen.
How to transfer WhatsApp messages from Android to iPhone
Two phones on a table next to each other. One is showing the WhatsApp logo, and the other is running the WhatsApp application.
Best cheap Fitbit deals for September 2022
fitbit versa review version 1522045407 full 19
The Uber hack is an outrageous tale of a teen hacking for fun
An Uber cab