
A new piece of Android malware has been revealed by security firm Lookout, and it's a clever one. The malware in question is a type of trojan adware called Shuanet, which is masquerading as 20,000 different popular apps. Shuanet doesn't just display ads, though. It also attempts to root any device it is installed on, allowing the malware to survive factory resets.

Shuanet shares a lot of code with several other adware trojans that Lookout has detected recently known as Kemoge and Shedun. What's interesting about Shuanet is that it doesn't seek to wreak havoc on an infected device or clog it with other malware. This is adware first and foremost, so the goal is to get people to use their devices and see the ads.

The malware operators are downloading the legitimate Android APKs of popular apps, then integrating Shuanet and reposting them in third-party app stores. The thousands of apps repackaged by Shuanet include the likes of Facebook, Snapchat, NYTimes, WhatsApp, and more. These apps appear to function normally after being installed, so the user might not even realize anything is wrong. Just a few annoying popup ads, but such is the price we pay for living in a connected world, right?

The aspect of Shuanet that is grabbing headlines is that it roots your device, which is sort of true. It certainly tries to root any Android device it is installed on, but according to Lookout, it's not using any new secret system vulnerabilities. It's simply a package of older community-developed exploits that enthusiast users install to gain root access for their own enjoyment. If Shuanet successfully roots a phone, it moves the infected app to the system partition, which means it will survive a factory reset. The only way to remove it would be to use a root-enabled file explorer to find and remove the package. That would be tough if you didn't know which app was the source of the infection.

This isn't as calamitous as it sounds at first. As we've mentioned in the past, there are no universal root exploits on Android, and all of the public exploits included in Shuanet have been patched (for example ExynosAbuse and Framaroot). Thus, a device is only vulnerable if it's running a rather old version of Android. Notice how the example image provided by Lookout is a Jelly Bean phone? A newer phone wouldn't be rooted by Shuanet, but the ad features could still work.

It's still very difficult to become infected with Shuanet. You'd have to disable installation protection, ignore the Google security warnings, then manually install one of these apps from a shady third-party app store instead of just getting it from Google Play. I'm not sure who would do that, but Lookout says it has seen it happening in the wild. It does not provide a figure for the number of infections, though.