Update: Renowned anti-virus company Avast shared similar concerns over the new adware threat. In a statement issued to IBTimes, India, the company's mobile malware analyst, Nikolaos Chrysaidos, said, "The threat is serious. Based on what we see from similar malware families, it is nearly impossible to remove the malware if the user doesn't have a strong technical background. The fact that the malware is included in apps disguised as popular apps and distributed in third-party app stores makes it more tempting and convincing for users to download them, and thus they get infected."
Chrysaidos also advised mobile users to download apps from genuine app stores such as Google Play Store to avoid the risk of infection.
Amid rising concerns over cybercrime, a trio of new trojanized adware families has infected thousands of Android applications, including Facebook, WhatsApp, Candy Crush and others. More concerning still, the malware is capable of auto-rooting smartphones, making it "virtually impossible" to remove, even if the user performs a factory data reset.
A San Francisco-based security firm, Lookout, found that the threat would infect as many as 20,000 Android apps before distributing them to third-party app stores. Lookout listed some of the prominent, everyday apps within reach of the new threat. These include Google Now, Twitter, NYTimes, Okta and Snapchat.
Lookout identifies the trojanized adware families as Shedun, Shuanet, and ShiftyBug, which redistribute original apps from their original sources to third-party stores.
How do they work?
Lookout explains that the new adware works quietly in the background, without giving the user any hint. Under the cover of legitimate apps, these adware families root the device to gain administrative access, including access to files created by other apps.
"Looking at the distribution portion of the command and control server, it appears that these families programmatically repackage thousands of popular apps from first-tier app stores like Google Play and its localized equivalents," Lookout explains.
The malicious apps appear so legitimate that their usual functions are not hindered, giving users little cause for concern until it is too late. The rooting of the device is performed in the background without the user's consent or knowledge.
What is the extent of risk?
The nature of the infection carried out by Shedun, Shuanet, and ShiftyBug puts other applications installed on the phone at risk. With root access, these adware families can easily bypass the restrictions on accessing files created by other applications.
As such, users are at high risk of getting their personal information, user credentials and
Wide spread of the attack
According to Lookout, the highest detections of the Shedun, Shuanet, and ShiftyBug adware families have been found in the United States, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.
How to protect your phone from getting infected?
The infection is found to affect apps in third-party stores. This means that as long as you are downloading apps from an official app store such as Google Play, you can consider yourself safe. Under no circumstances should you download apps from third-party app stores, no matter how legitimate or promising they seem.
What to do if your device is already infected?
These adware families install and hide themselves as system applications, making them virtually impossible to remove. Even if you perform a full data reset, the affected device will still carry the infection in the system. The only way to overcome it is either to seek professional help or to purchase a new device altogether.
[Updated with Avast's statement on the matter.]