This site may earn chapter commissions from the links on this page. Terms of use.

A new piece of Android malware has been revealed past security firm Lookout, and it'due south a clever one. The malware in question is a blazon of trojan adware called Shuanet, which is masquerading equally twenty,000 different popular apps. Shuanet doesn't but display ads, though. It also attempts to root whatever device information technology is installed on, allowing the malware to survive manufacturing plant resets.

Shuanet shares a lot of code with several other adware trojans that Lookout has detected recently known equally Kemoge and Shedun. What's interesting most Shuanet is that information technology doesn't seek to wreak havoc on an infected device or clog it with other malware. This is adware first and foremost, so the goal is to get people to use their devices and see the ads.

The malware operators are downloading the legitimate Android APKs of popular apps, so integrating Shuanet and reposting them in third-party app stores. The thousands of apps repackaged by Shuanet include the likes of Facebook, Snapchat, NYTimes, WhatsApp, and more than. These apps appear to function normally later beingness installed, then the user might not fifty-fifty realize anything is wrong. Merely a few annoying popup ads, but such is the price we pay for living in a connected world, correct?

ShuanetThe aspect of Shuanet that is grabbing headlines is that it roots your device, which is sort of truthful. It certainly tries to root any Android device it is installed on, but according to Lookout, information technology'southward non using any new hush-hush system vulnerabilities. Information technology's merely a parcel of older customs-developed exploits that enthusiast users install to gain root access for their own enjoyment. If Shuanet successfully roots a phone, it moves the infected app to the arrangement partitioning, which means it volition survive a factory reset. The merely way to remove it would exist to use a root-enabled file explorer to notice and remove the bundle. That would be tough if y'all didn't know which app was the source of the infection.

This isn't every bit calamitous as it sounds at first. As nosotros've mentioned in the past, there are no universal root exploits on Android, and all of the public exploits included in Shuanet take been patched (for instance ExynosAbuse and Framaroot). Thus, a device is only vulnerable if it's running a rather one-time version of Android. Notice how the example epitome provided by Lookout is a Jelly Bean telephone? A newer phone wouldn't exist rooted by Shuanet, simply the advertizing features could still work.

Information technology'southward still very hard to get infected with Shuanet. You'd have to disable installation protection, ignore the Google security warnings, and then manually install one of these apps from a shady third-party app store instead of simply getting it from Google Play. I'yard not sure who would do that, but Sentinel says it has seen it happening in the wild. It does not provide a figure for the number of infections, though.