This Malware Can Secretly Auto-Install any Android App to Your Phone

Own an Android Smartphone?
Hackers can remotely install any malicious third-party app on your smartphone, even if you have clearly tapped the app's reject button.
Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system’s accessibility features.
Michael Bentley, head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families:
  • Shedun (GhostPush)
  • Kemoge (ShiftyBug)
  • Shuanet
All three adware families root the Android devices they infect in order to prevent their removal and give attackers unrestricted access to the devices.
But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families.

The Malware Doesn’t Exploit Any Vulnerability

It is worth noting that the malware does not exploit any flaw in the accessibility service to hijack an Android device and instead relies on the service’s legitimate functionality.
During installation, apps from the Shedun adware family trick users into granting them access to the Android Accessibility Service, which is meant to provide users with alternative ways to interact with their smartphones.
By gaining access to the accessibility service, Shedun can:
  • Read the text that appears on the phone screen
  • Detect an app installation prompt
  • Scroll through the permission list
  • Finally, press the install button without any physical interaction from the user
The trojanized app masquerades as an official app available in the Google Play Store and is then pushed to third-party markets.
The worrisome part is that Shedun apps can’t be easily uninstalled, as the apps root the victim’s device and then embed themselves in the system partition in an effort to persist even after a factory reset.


Lookout categorized them as “Trojanized Adware” because the goal of this malware is to install third-party apps and serve aggressive advertising.
Legitimate applications also use the Android Accessibility Service for features such as granting expanded capabilities to phone tinkerers. So users are, as always, advised to be careful when using third-party app markets.
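
A device can be audited for the accessibility grant described above. The following is an added example, not part of the original article or Lookout's research: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists enabled accessibility services whose package was not installed from Google Play. The sample strings and the `com.example.flashlight` package are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample output (not taken from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.flashlight/com.example.flashlight.HelperService")
SAMPLE_PM = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
             "package:com.example.flashlight  installer=null\n")

def parse_enabled_services(setting_value):
    """Split the colon-separated setting into (package, service_class) pairs."""
    value = (setting_value or "").strip()
    if value in ("", "null"):          # no accessibility service enabled
        return []
    services = []
    for component in value.split(":"):
        if "/" not in component:
            continue                   # skip malformed entries
        package, cls = component.split("/", 1)
        if cls.startswith("."):        # short form: class relative to package
            cls = package + cls
        services.append((package, cls))
    return services

def parse_installers(pm_output):
    """Map package name -> installer package (None if not recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(setting_value, pm_output, trusted_installers=(PLAY_STORE,)):
    """Return enabled accessibility services whose package has no trusted installer."""
    installers = parse_installers(pm_output)
    findings = []
    for package, cls in parse_enabled_services(setting_value):
        installer = installers.get(package)
        if installer not in trusted_installers:
            findings.append({"package": package, "service": cls,
                             "installer": installer or "unknown/sideloaded"})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SETTING, SAMPLE_PM):
        print("REVIEW:", f["package"], f["service"], "installer:", f["installer"])
```

Preinstalled packages can also report no installer, so a finding is a prompt for manual review rather than a verdict.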



Mustapha Haouili

Software development engineer and IT system administrator with 14 years of successful experience. Programming languages: Cobol, C#, Python, Shell Script. There is no problem without a solution.
