20,000 Samples of Irrevocable Android Adware

[willmtaylor]

Yikes:

"Auto-rooting adware is a worrying development in the Android ecosystem in which malware roots the device automatically after the user installs it, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated. This is a new trend for adware and an alarming one at that.​

Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others."
​

Additionally:

"To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device."​

https://blog.lookout.com/blog/2015/11/04/trojanized-adware/

Not good.

 

[Hal~9000]

Don't worry... I'm sure the OEMs and carriers will get a security update for this pushed out to everyone right away!

 

[sracer]

Considering the manual steps required to root most Android devices, I'm skeptical of the claims. But if it is true, then it would be nice for someone to develop a legitimate one-button app to root a device.

 

[JackieInCo]

Considering the manual steps required to root most Android devices, I'm skeptical of the claims. But if it is true, then it would be nice for someone to develop a legitimate one-button app to root a device.

There is a one step process for Nexus devices. I used the Nexus root toolkit to root my Nexus 4 and 7 this week. I also used the Android toolkit to simply press one button and downgrade both of those devices within minutes from Lollipop to KitKat. Easiest thing I ever did.

 

[mrex]

what happens when i go to a dark alley and drop my pants down while using my iphone?

can i be infected after jailbreaking?

so... should i jump from the balcony now? during these years i havent seen any malware on my android phone/tablet/tvbox. am i doing something wrong? should i tap the box "install from untrusted places", and even when getting a warning msg, just pass it by clicking OK, and then surfing to a chinese/russian websites and installing the most wanted expensive app for free?

i definitely misused my devices because never been participating malware party...

and definitely i have to start reading news provided by a business selling security softwares.

 

[mrex]

Don't worry... I'm sure the OEMs and carriers will get a security update for this pushed out to everyone right away!

as soon as google play store is infected too.

 

[mi7chy]

I see this more of a scare tactic considering Lookout sells a subscription service. A lot of devices haven't gotten root even with a paid bounty and usually gaining root requires tethering to a PC. Android hasn't experienced anything like the Fappening on iOS where pictures of owners' orifices were leaked on the internet so I'm not concerned. Worst case you can always reflash the factory firmware contrary to Lookout claiming that you can't recover.

 

[BoxerGT2.5]

This affects only rooted devices correct?

 

[kasakka]

This affects only rooted devices correct?

Sounds more like the app itself roots the device and then installs itself as system app which makes it harder to remove. You would of course have to agree to install the app itself first and this is only going to happen if it masquerades as something else first.

 

[chagla]

rooting android involves a few steps.. im curious to learn the exact process of how these apps root automatically.

in any case, you can use a firewall app, block all network access except your browser and other legitimate apps that need network access.