Shedun

From Wikipedia, the free encyclopedia
Revision as of 13:49, 18 April 2016

Shedun is a family of Android malware (also known as Kemoge, ShiftyBug and Shuanet[1][2]), first identified in late 2015 by the mobile security company Lookout, whose signatures were found in roughly 20,000[3] repackaged copies of popular Android applications.[2][4][5][6]

Avira Protection Labs reported detecting approximately 1,500 to 2,000 Shedun-family infections per day.[7] The three variants share roughly 80% of their code.[8][9]

The malware's primary infection vector is repackaging: legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[10])[3][11][12] are rebuilt with the adware code added, and the repackaged app, which remains fully functional, is published to third-party app stores rather than Google Play.[13] Once installed, it generates revenue for its operators by serving ads (estimated at about US$2 per installation[12]). Most users cannot remove the malware without getting a new device; the only other known way to get rid of it is to root the affected device and re-flash a custom ROM.[4][14][15]

Shedun-family malware auto-roots the device[16][17] using well-known, publicly available root exploits such as ExynosAbuse, Memexploit and Framaroot,[18] that is, a privilege escalation from an ordinary app to root.[19][12][20][21] With root it installs its trojanized adware as a system application in the system partition, so that not even a factory reset removes it: a factory reset wipes the user data partition and leaves the system partition untouched.[22][23]

Shedun is also known for abusing the Android Accessibility Service.[24][25][1][22][26][27][28] Having obtained the accessibility permission from the user, it uses the service's ability to read on-screen content and perform clicks to work through the app-installation dialogs itself, which lets it download and install arbitrary applications[29] (usually adware) without the user's consent.[2] It is classified as "aggressive adware" for installing potentially unwanted programs[30][31][32] and serving ads.[33]
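The three behaviours described above (repackaged apps arriving from third-party stores, persistence as a system app that survives a factory reset, and abuse of the accessibility service) each leave an indicator a responder can check on a suspected device over adb. The following Python script is an added example, not code from the article or from Lookout or Avira: it parses the output of `pm list packages -f -i` and `settings get secure enabled_accessibility_services`, compares it against known-good sets, and reports the outliers. The sample command output, the non-AOSP package names (`com.example.adloader`, `com.example.thirdpartystore`) and the baseline sets are constructed for illustration; on a real device the baseline must be captured from a clean unit of the same firmware build.

```python
"""Offline triage for Shedun-style indicators on an Android device (added example).

Three checks mirror the behaviour described in the article:
  1. user apps installed from outside Google Play (repackaged apps arrive via third-party stores),
  2. packages living in the system partition that are not in a known-good baseline
     (a factory reset wipes /data, not /system, so these survive it),
  3. accessibility services enabled for packages that are not known accessibility tools.
The check functions take raw command output so they can be tested without a device;
collect_live() shows the adb commands that produce that output.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `adb shell pm list packages -f -i` output.
# Package names other than the AOSP ones are hypothetical.
SAMPLE_PM_LIST = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
package:/system/app/Calendar/Calendar.apk=com.android.calendar  installer=null
package:/data/app/com.twitter.android-1/base.apk=com.twitter.android  installer=com.android.vending
package:/data/app/com.whatsapp-2/base.apk=com.whatsapp  installer=com.example.thirdpartystore
package:/system/app/AdLoader/AdLoader.apk=com.example.adloader  installer=null
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated list of package/service components).
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.adloader/com.example.adloader.InstallClicker"
)

# Known-good sets (hypothetical). Capture SYSTEM_BASELINE from a clean device of the same build.
SYSTEM_BASELINE = {"com.android.settings", "com.android.calendar"}
TRUSTED_INSTALLERS = {"com.android.vending"}
ACCESSIBILITY_ALLOWLIST = {"com.google.android.marvin.talkback"}

_PM_LINE = re.compile(r"^package:(?P<path>\S+)=(?P<name>\S+)(?:\s+installer=(?P<installer>\S+))?$")


@dataclass(frozen=True)
class Package:
    name: str
    path: str
    installer: Optional[str]  # None when pm reports "null" (system apps, adb sideloads)


def parse_pm_list(text: str) -> list[Package]:
    """Parse `pm list packages -f -i` output into Package records."""
    pkgs = []
    for line in text.splitlines():
        m = _PM_LINE.match(line.strip())
        if not m:
            continue
        installer = m.group("installer")
        pkgs.append(Package(m.group("name"), m.group("path"),
                            None if installer in (None, "null") else installer))
    return pkgs


def unexpected_system_packages(pkgs, baseline=SYSTEM_BASELINE) -> list[Package]:
    """Packages under /system that the clean-firmware baseline does not know about."""
    return [p for p in pkgs if p.path.startswith("/system/") and p.name not in baseline]


def sideloaded_packages(pkgs, trusted=TRUSTED_INSTALLERS) -> list[Package]:
    """User-partition apps whose installer is not a trusted store (or is unknown)."""
    return [p for p in pkgs if p.path.startswith("/data/") and p.installer not in trusted]


def parse_accessibility_services(value: str) -> list[str]:
    """Split the enabled_accessibility_services value into the owning package names."""
    value = value.strip()
    if not value or value == "null":
        return []
    return [entry.split("/", 1)[0] for entry in value.split(":") if entry]


def suspicious_accessibility(value: str, allowlist=ACCESSIBILITY_ALLOWLIST) -> list[str]:
    """Packages holding an enabled accessibility service that are not known tools."""
    return [pkg for pkg in parse_accessibility_services(value) if pkg not in allowlist]


def triage(pm_text: str, accessibility_value: str) -> dict[str, list[str]]:
    """Run all three checks and return package names per finding class."""
    pkgs = parse_pm_list(pm_text)
    return {
        "unexpected_system": [p.name for p in unexpected_system_packages(pkgs)],
        "sideloaded": [p.name for p in sideloaded_packages(pkgs)],
        "accessibility": suspicious_accessibility(accessibility_value),
    }


def collect_live() -> dict[str, list[str]]:
    """Pull the same data from an attached device over adb and triage it."""
    def sh(*args: str) -> str:
        return subprocess.run(["adb", "shell", *args], check=True,
                              capture_output=True, text=True).stdout
    return triage(sh("pm", "list", "packages", "-f", "-i"),
                  sh("settings", "get", "secure", "enabled_accessibility_services"))


if __name__ == "__main__":
    for kind, names in triage(SAMPLE_PM_LIST, SAMPLE_ACCESSIBILITY).items():
        print(f"{kind}: {names}")
```

Run stand-alone, the script triages the embedded sample; with a device attached, collect_live() runs the same two adb commands. A hit in unexpected_system is the one that matters most, since a package under /system is exactly what a factory reset leaves behind. The sideloaded list will also include benign adb installs (installer reported as null), so treat it as a lead rather than a verdict.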

As of April 2016, most security researchers consider Shedun malware next to impossible to remove entirely.[34][35][36][37][38][39]

Avira security researcher Pavel Ponomariov, who specializes in Android malware detection tools and the automation of mobile threat detection, has published an in-depth analysis of the malware family.[7]

References

  1. "Android Adware Abuses Accessibility Service to Install Apps". SecurityWeek. http://www.securityweek.com/android-adware-abuses-accessibility-service-install-apps
  2. Manish Singh. "New Android Adware Can Download, Install Apps Without Permission: Report". NDTV Gadgets360.com. http://gadgets.ndtv.com/apps/news/new-android-adware-can-download-install-apps-without-permission-report-768664
  3. "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". AppleInsider Forums. http://forums.appleinsider.com/discussion/189949/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android
  4. "Hackers reveal Android trojan malware that is IMPOSSIBLE to remove". Mail Online. 5 November 2015. http://www.dailymail.co.uk/sciencetech/article-3306142/Hackers-reveal-Android-malware-IMPOSSIBLE-remove-Malicious-bug-20-000-apps.html
  5. "Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store". Droid Report. http://www.droidreport.com/android-malware-loose-shuanet-shiftybug-shedun-signatures-found-20000-apps-outside-google-11664
  6. http://darkmatters.norsecorp.com/2015/11/20/shedun/
  7. "Shedun: adware/malware family threatening your Android device". Avira Blog. http://blog.avira.com/shedun/
  8. http://www.elektronikpraxis.vogel.de/iot/security/articles/510900/
  9. http://www.itseccity.de/virenwarnung/hintergrund/lookout021215.html
  10. https://blog.botfrei.de/2015/11/android-trojaner-auf-dem-vormarsch/
  11. "New type of auto-rooting Android adware is nearly impossible to remove". Ars Technica. http://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/
  12. Michael Mimoso. "Shuanet Adware Roots Android Devices". Threatpost. https://threatpost.com/shuanet-adware-rooting-android-devices-via-trojanized-apps/115265/
  13. http://www.itespresso.de/2015/11/23/shedun-adware-nistet-sich-gegen-den-willen-der-nutzer-in-android-ein/
  14. http://en.yibada.com/articles/82763/20151108/android-trojan-software-morphs-real-apps-nearly-impossible-remove-device.htm
  15. http://www.golem.de/news/android-malware-schadsoftware-rootet-und-infiziert-geraete-unwiederbringlich-1511-117307.html
  16. http://techreport.com/news/29281/trojan-adware-on-android-can-give-itself-root-access
  17. http://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/
  18. http://praxistipps.chip.de/shedun-shuanet-und-shiftybug-android-smartphone-vor-malware-schuetzen_44475
  19. http://blog.check-and-secure.com/android-nutzer-achtung-vor-trojaner-adware-shedun_15-11-25/
  20. "New Android adware tries to root your phone so you can't remove it". ExtremeTech. http://www.extremetech.com/mobile/217544-new-android-adware-tries-to-root-your-phone-so-you-cant-remove-it
  21. "More than 20,000 apps auto-root Android devices". SC Magazine UK. http://www.scmagazineuk.com/more-than-20000-apps-auto-root-android-devices/article/451797/
  22. "Android's accessibility service grants god-mode p0wn power". The Register. 20 November 2015. http://www.theregister.co.uk/2015/11/20/shedun_adware/
  23. "Trojanized adware family abuses accessibility service to install whatever apps it wants". Lookout Blog. 2015-11-19. Retrieved 2016-04-10. https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/
  24. http://www.theinquirer.net/inquirer/news/2435721/shedun-trojan-adware-is-hitting-the-android-accessibility-service
  25. http://securityaffairs.co/wordpress/42164/malware/shedun-trojanized-adware.html
  26. "Shedun gaining accessibility service privileges" (video). 18 November 2015. Via YouTube. https://www.youtube.com/watch?v=VDWmEUm6mQM
  27. http://www.heise.de/security/meldung/Android-Malware-Werbeterror-wie-von-Geisterhand-3009688.html
  28. http://www.trojaner-info.de/news2/der-adware-trojaner-shedun.html
  29. Swati Khandelwal (20 November 2015). "This Malware Can Secretly Auto-Install any Android App to Your Phone". The Hacker News. http://thehackernews.com/2015/11/android-malware-auto-install.html
  30. http://www.areamobile.de/news/35337-trojaner-adware-installiert-selbststaendig-ungewollte-android-apps
  31. http://androidmag.de/news/technik-news/shedun-neue-android-adware-installiert-apps-ohne-deine-einwilligung/
  32. http://winfuture.de/news,89953.html
  33. "Android Shedun Malware: New Malware That Can Grant Access to Your Phone; Malware Impossible To Be Removed?". Yibada. http://en.yibada.com/articles/90437/20151201/android-shedun-malware.htm
  34. http://www.noz.de/deutschland-welt/gut-zu-wissen/artikel/635820/gefahrliche-android-schadsoftware-oft-hilft-nur-neues-gerat-1
  35. "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. 2015-11-20. Retrieved 2016-04-10. http://www.theinquirer.net/inquirer/news/2435721/shedun-trojan-adware-is-hitting-the-android-accessibility-service
  36. "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire". Lookout Blog. 2015-11-04. Retrieved 2016-04-10. https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
  37. "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". Betanews.com. Retrieved 2016-04-10. http://betanews.com/2015/11/05/shuanet-shiftybug-and-shedun-malware-could-auto-root-your-android/
  38. "New Family Of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug". Tech Times. Retrieved 2016-04-10. http://www.techtimes.com/articles/104373/20151109/new-family-of-android-malware-virtually-impossible-to-remove-say-hello-to-shedun-shuanet-and-shiftybug.htm
  39. Goodin, Dan (2015-11-19). "Android adware can install itself even when users explicitly reject it". Ars Technica. Retrieved 2016-04-10. http://arstechnica.com/security/2015/11/android-adware-can-install-itself-even-when-users-explicitly-reject-it/