Shedun
Shedun is a family of malware software (also known as Kemoge, Shiftybug and Shuanet[1][2]) targeting the Android (operating system) first identified in late 2015 by mobile security company Lookout (company), affecting roughly 20,000[3] popular Android applications.[2][4][5][6]
Avira Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day.[7] All three variants of the virus are known to share roughly ~80% of the same source code.[8][9]
The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[10])[3][11][12] with adware included, the app which remains functional is then released to a third party app store[13]; once downloaded, the application generates revenue by serving ads (estimated to amount to $2 US per installation[12]), most users cannot get rid of the virus without getting a new device, as the only other way to get rid of the malware is to root affected devices and re-flash a custom ROM.[4][14][15]
In addition, Shedun-type malware has been detected pre-installed on 26 different types[16] of Chinese Android-based hardware such as Smartphones and Tablet computers. [17][18][19][20] [21][22][23][24][25][26][27][28][29][30][31]
Shedun-family malware is known for auto-rooting the Android OS [32][11] using well-known exploits like ExynosAbuse, Memexploit und Framaroot [33] (causing a potential privilege escalation[34][12][35])[36] and for serving trojanized adware and install themselves within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.[37][38]
Shedun malware is known for targeting the Android Accessibility Service,[39][40][1][37][41][42][43] as well as for downloading and installing arbitrary applications[44] (usually adware) without permission,[2] it is classified as "aggressive adware" for installing potentially unwanted program [45][46] [47]applications and serving ads.[48]
As of April 2016, Shedun malware is, by most security researchers, considered to be next to impossible to remove entirely.[49][50][51][52][53][54]
Avira Security researcher Pavel Ponomariov, specialized in Android malware detection tools, mobile threats detection and mobile malware detection automation research[55], has published an in-depth analysis of the computer virus.[7]
See also
References
- ^ a b "Android Adware Abuses Accessibility Service to Install Apps - SecurityWeek.Com".
- ^ a b c Manish Singh. "New Android Adware Can Download, Install Apps Without Permission: Report". NDTV Gadgets360.com.
- ^ a b "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". AppleInsider Forums.
- ^ a b "Hackers reveal Android trojan malware that is IMPOSSIBLE to remove". Mail Online. 5 November 2015.
- ^ "Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store". Droid Report.
- ^ "Shedun Trojan goes solo". Darkmatters.
- ^ a b "Shedun: adware/malware family threatening your Android device". Avira Blog.
- ^ "Neue Welle von Android-Malware lässt sich kaum mehr entfernen".
- ^ PMK Presse, Messe & Kongresse Verlags GmbH. "Gemeinsamkeiten: Shuanet, Shedun & ShiftyBug".
- ^ "Android-Malware: Adware war gestern. Android-Trojaner auf dem Vormarsch". botfrei Blog.
- ^ a b "New type of auto-rooting Android adware is nearly impossible to remove". Ars Technica.
- ^ a b c Michael Mimoso. "Shuanet Adware Roots Android Devices - Threatpost - The first stop for security news". Threatpost - The first stop for security news.
- ^ "Adware Shedun nistet sich gegen den Willen der Nutzer in Android ein". ITespresso.de.
- ^ "Android Trojan Software Morphs Into Real Apps, Nearly Impossible To Remove From Device's System: Report". Yibada.
- ^ "Android-Malware: Neue Schadsoftware rootet Geräte und ist kaum zu entfernen - Golem.de".
- ^ Swati Khandelwal (3 September 2015). "26 Android Phone Models Shipped with Pre-Installed Spyware". The Hacker News.
- ^ https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_US.pdf
- ^ Catalin Cimpanu (4 September 2015). "24 Chinese Android Smartphone Models Come with Pre-Installed Malware". softpedia.
- ^ David Gilbert. "Amazon Selling $40 Android Tablets That Come With Pre-Installed Malware". International Business Times.
- ^ "Chinese smartphones infected with pre-installed malwareSecurity Affairs". Security Affairs.
- ^ "Chinese Android smartphones now shipping with pre-installed malware". SC Magazine.
- ^ Diane Samson. "Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones". iDigitalTimes.com.
- ^ "Amazon's $40 Chinese Android Tablets Infected With Pre-Installed Malware". Design & Trend.
- ^ Jeremy Kirk (5 March 2014). "Pre-installed malware found on new Android phones". Computerworld.
- ^ https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf
- ^ Waqas. "Amazon Store, a safe haven for Android Tablets with pre-installed malware". HackRead.
- ^ "Pre-Installed Android Malware Raises Security Risks in Supply Chain".
- ^ "Some Android Phones Come With Malware Pre-Installed: Report". The Huffington Post.
- ^ "Brand New Android Smartphones Coming with Spyware and Malware". WCCFtech.
- ^ "Chinese Android smartphone comes with malware pre-installed". Graham Cluley.
- ^ Martin Brinkmann (8 September 2015). "Beware, your Android phone might come with preloaded spyware". gHacks Technology News.
- ^ "Trojan adware on Android can give itself root access". The Tech Report.
- ^ "Shedun, Shuanet und Shiftybug: Android-Smartphone vor Malware schützen".
- ^ "Android-Nutzer: Achtung vor Trojaner-Adware Shedun - Check & Secure -". - Check & Secure -.
- ^ "New Android adware tries to root your phone so you can't remove it". ExtremeTech.
- ^ "More than 20,000 apps auto-root Android devices". SC Magazine UK.
- ^ a b "Android's accessibility service grants god-mode p0wn power".
- ^ "Trojanized adware family abuses accessibility service to install whatever apps it wants | Lookout Blog". Blog.lookout.com. 2015-11-19. Retrieved 2016-04-10.
- ^ "Shedun trojan adware is hitting the Android Accessibility Service".
- ^ "Shedun adware can install any malicious mobile appSecurity Affairs". Security Affairs.
- ^ Shedun gaining accessibility service privileges. 18 November 2015 – via YouTube.
- ^ Dennis Schirrmacher (20 November 2015). "Android-Malware: Werbeterror wie von Geisterhand". Security.
- ^ "Der Adware – Trojaner Shedun". trojaner-info.de. 6 December 2015.
- ^ Swati Khandelwal (20 November 2015). "This Malware Can Secretly Auto-Install any Android App to Your Phone". The Hacker News.
- ^ "Trojaner-Adware installiert selbstständig ungewollte Android-Apps".
- ^ "Shedun: Neue Android-Adware installiert Apps ohne deine Einwilligung". Androidmag.
- ^ John Woll. "Installation auch nach Ablehnung: Neue dreiste Android-Adware".
- ^ "Android Shedun Malware: New Malware That Can Grant Access to Your Phone; Malware Impossible To Be Removed?". Yibada.
- ^ http://www.noz.de/deutschland-welt/gut-zu-wissen/artikel/635820/gefahrliche-android-schadsoftware-oft-hilft-nur-neues-gerat-1
- ^ "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. 2015-11-20. Retrieved 2016-04-10.
- ^ "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire | Lookout Blog". Blog.lookout.com. 2015-11-04. Retrieved 2016-04-10.
- ^ "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". Betanews.com. Retrieved 2016-04-10.
- ^ "New Family Of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug : PERSONAL TECH". Tech Times. Retrieved 2016-04-10.
- ^ Goodin, Dan (2015-11-19). "Android adware can install itself even when users explicitly reject it". Ars Technica. Retrieved 2016-04-10.
- ^ "Pavel Ponomariov - Avira Blog". Avira Blog.