Shedun

Shedun is a family of malware (also known as Kemoge, Shiftybug and Shuanet[1][2][3]) targeting the Android operating system. It was first identified in late 2015 by mobile security company Lookout and affects roughly 20,000[4] popular Android applications.[3][5][6][7][8] Lookout claimed the HummingBad malware was also part of the Shedun family; however, these claims were refuted.[9][10]

Avira Protection Labs stated that Shedun-family malware is detected causing approximately 1500-2000 infections per day.[11] All three variants of the malware are known to share roughly 80% of the same source code.[12][13]

In mid-2016, Ars Technica reported that approximately 10,000,000 devices had been infected by this malware[14] and that new infections were still surging.[15][16]

The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[17])[4][18][19] with adware included. The app, which remains functional, is then released to a third-party app store;[20] once downloaded, the application generates revenue by serving ads (estimated to amount to $2 US per installation[19]). Most users cannot get rid of the malware without getting a new device, as the only other way to remove it is to root the affected device and re-flash a custom ROM.[21][22]

In addition, Shedun-type malware has been detected pre-installed on 26 different types[23] of Chinese Android-based hardware such as smartphones and tablet computers.[24][25][26][27][28][29][30][31][32][33][34][35][36][37][38]

Shedun-family malware is known for auto-rooting the Android OS[18][39] using well-known exploits like ExynosAbuse, Memexploit and Framaroot[40] (causing a potential privilege escalation[19][41][42]),[43] for serving trojanized adware, and for installing itself within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.[44][45]

Shedun malware is known for targeting the Android Accessibility Service,[2][44][46][47][48][49][50] as well as for downloading and installing arbitrary applications[51] (usually adware) without permission.[3] It is classified as "aggressive adware" for installing potentially unwanted programs[52][53][54] and serving ads.[55]
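A defender-side audit of the two behaviours described above (installation into the system partition and use of the Accessibility Service), given as an added example that is not from the article or its sources. It parses constructed text shaped like the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -f -i`; the package names, the baseline set and the trusted-installer set are assumptions.

```python
# Constructed sample text shaped like the output of two real commands
# (not captured from an infected device); all com.example.* names are made up.
ENABLED_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.example.flashlight/com.example.flashlight.HelperService")
PM_LIST = """\
package:/system/app/TalkBack/TalkBack.apk=com.google.android.marvin.talkback  installer=com.android.vending
package:/data/app/com.example.flashlight-1/base.apk=com.example.flashlight  installer=null
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.sysupdate  installer=null
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
"""
# Assumptions: the baseline comes from a clean device of the same model and
# firmware; only the Play Store installer is treated as trusted.
SYSTEM_BASELINE = {"com.google.android.marvin.talkback", "com.android.settings"}
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_packages(pm_output):
    """Map package name -> (apk_path, installer) from `pm list packages -f -i`."""
    pkgs = {}
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        # Newer Android paths can contain '=', so split on the last one.
        path, _, name = fields[0].rpartition("=")
        installer = next((f.split("=", 1)[1] for f in fields[1:]
                          if f.startswith("installer=")), "null")
        pkgs[name] = (path, installer)
    return pkgs

def audit(a11y_setting, pm_output, baseline=SYSTEM_BASELINE,
          trusted=TRUSTED_INSTALLERS):
    """Return (finding, package) pairs that deserve a manual look."""
    pkgs = parse_packages(pm_output)
    setting = a11y_setting.strip()
    # The setting is a ':'-separated list of package/class; "null" means none.
    components = [] if setting in ("", "null") else setting.split(":")
    findings = []
    for comp in components:
        pkg = comp.split("/", 1)[0]
        _, installer = pkgs.get(pkg, ("", "null"))
        if pkg not in baseline and installer not in trusted:
            findings.append(("untrusted-accessibility-service", pkg))
    for pkg, (path, _) in sorted(pkgs.items()):
        if path.startswith("/system/") and pkg not in baseline:
            findings.append(("unexpected-system-package", pkg))
    return findings
```

A finding is a prompt for manual review, not a verdict: sideloaded accessibility tools and vendor system apps missing from the baseline will also appear.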

As of April 2016, Shedun malware is considered by most security researchers to be next to impossible to entirely remove.[56][57][58][59][60][61]

Avira Security researcher Pavel Ponomariov, who specializes in Android malware detection tools, mobile threat detection, and mobile malware detection automation research,[62] has published an in-depth analysis of this malware.[11]

References

  1. @HackTheW0r1d (5 November 2015). "Shuanet, ShiftyBug and Shedun malware could auto-root your Android – HackBails". Hackbails.wordpress.com. Retrieved 2 October 2016.
  2. "Android Adware Abuses Accessibility Service to Install Apps". SecurityWeek.com. Retrieved 20 April 2016.
  3. Manish Singh. "New Android Adware Can Download, Install Apps Without Permission: Report". NDTV Gadgets360.com.
  4. "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". AppleInsider Forums.
  5. Eran, Daniel (5 November 2015). "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". Appleinsider.com. Retrieved 2 October 2016.
  6. "Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store". Droid Report.
  7. "Shedun Trojan goes solo". Darkmatters.
  8. "Popular Mobile Apps Repackaged with Trojans". Lavasoft. 4 November 2015. Retrieved 2 October 2016.
  9. "Another month, another new rooting malware family for Android". blog.elevenpaths.com. Retrieved 9 October 2016.
  10. "DIY Attribution, Classification, and In-depth Analysis of Mobile Malware". Check Point Blog. 11 July 2016. Retrieved 9 October 2016.
  11. "Shedun: adware/malware family threatening your Android device". Avira Blog.
  12. "Neue Welle von Android-Malware lässt sich kaum mehr entfernen". Elektronikpraxis.vogel.de. Retrieved 20 April 2016.
  13. PMK Presse, Messe & Kongresse Verlags GmbH. "Gemeinsamkeiten: Shuanet, Shedun & ShiftyBug". Itseccity.de. Retrieved 20 April 2016.
  14. Dan Goodin (7 July 2016). "10 million Android phones infected by all-powerful auto-rooting apps". Ars Technica. Retrieved 2 October 2016.
  15. "Android Trojanized Adware 'Shedun' Infections Surge". Bankinfosecurity.com. 8 July 2016. Retrieved 2 October 2016.
  16. https://www.linkedin.com/pulse/android-trojanized-adware-shedun-infections-surge-mike-rogan
  17. "Android-Malware: Adware war gestern. Android-Trojaner auf dem Vormarsch". botfrei Blog.
  18. "New type of auto-rooting Android adware is nearly impossible to remove". Ars Technica.
  19. Michael Mimoso. "Shuanet Adware Roots Android Devices". Threatpost.
  20. "Adware Shedun nistet sich gegen den Willen der Nutzer in Android ein". ITespresso.de.
  21. "Android Trojan Software Morphs Into Real Apps, Nearly Impossible To Remove From Device's System: Report". Yibada.
  22. "Android-Malware: Neue Schadsoftware rootet Geräte und ist kaum zu entfernen - Golem.de".
  23. Swati Khandelwal (3 September 2015). "26 Android Phone Models Shipped with Pre-Installed Spyware". The Hacker News.
  24. "G Data : Mobile Malware Report" (PDF). Public.gdatasoftware.com. Retrieved 20 April 2016.
  25. Catalin Cimpanu (4 September 2015). "24 Chinese Android Smartphone Models Come with Pre-Installed Malware". softpedia.
  26. David Gilbert. "Amazon Selling $40 Android Tablets That Come With Pre-Installed Malware". International Business Times.
  27. "Chinese smartphones infected with pre-installed malware". Security Affairs.
  28. "Chinese Android smartphones now shipping with pre-installed malware". SC Magazine.
  29. Diane Samson. "Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones". iDigitalTimes.com.
  30. "Amazon's $40 Chinese Android Tablets Infected With Pre-Installed Malware". Design & Trend.
  31. Jeremy Kirk (5 March 2014). "Pre-installed malware found on new Android phones". Computerworld.
  32. "G Data : Mobile Malware Report" (PDF). Public.gdatasoftware.com. Retrieved 20 April 2016.
  33. Waqas. "Amazon Store, a safe haven for Android Tablets with pre-installed malware". HackRead.
  34. "Pre-Installed Android Malware Raises Security Risks in Supply Chain".
  35. "Some Android Phones Come With Malware Pre-Installed: Report". The Huffington Post.
  36. "Brand New Android Smartphones Coming with Spyware and Malware". WCCFtech.
  37. "Chinese Android smartphone comes with malware pre-installed". Graham Cluley.
  38. Martin Brinkmann (8 September 2015). "Beware, your Android phone might come with preloaded spyware". gHacks Technology News.
  39. "Trojan adware on Android can give itself root access". The Tech Report.
  40. "Shedun, Shuanet und Shiftybug: Android-Smartphone vor Malware schützen".
  41. "Android-Nutzer: Achtung vor Trojaner-Adware Shedun". Check & Secure.
  42. "New Android adware tries to root your phone so you can't remove it". ExtremeTech.
  43. "More than 20,000 apps auto-root Android devices". SC Magazine UK.
  44. "Android's accessibility service grants god-mode p0wn power".
  45. "Trojanized adware family abuses accessibility service to install whatever apps it wants | Lookout Blog". Blog.lookout.com. 19 November 2015. Retrieved 10 April 2016.
  46. "Shedun trojan adware is hitting the Android Accessibility Service". Theinquirer.net. Retrieved 20 April 2016.
  47. "Shedun adware can install any malicious mobile app". Security Affairs.
  48. Shedun gaining accessibility service privileges. 18 November 2015 via YouTube.
  49. Dennis Schirrmacher (20 November 2015). "Android-Malware: Werbeterror wie von Geisterhand". Security.
  50. "Der Adware – Trojaner Shedun". trojaner-info.de. 6 December 2015.
  51. Swati Khandelwal (20 November 2015). "This Malware Can Secretly Auto-Install any Android App to Your Phone". The Hacker News.
  52. "Trojaner-Adware installiert selbstständig ungewollte Android-Apps". Areamobile.de. Retrieved 20 April 2016.
  53. "Shedun: Neue Android-Adware installiert Apps ohne deine Einwilligung". Androidmag.
  54. John Woll. "Installation auch nach Ablehnung: Neue dreiste Android-Adware".
  55. "Android Shedun Malware: New Malware That Can Grant Access to Your Phone; Malware Impossible To Be Removed?". Yibada.
  56. "Gefährliche Android-Schadsoftware: Oft hilft nur neues Gerät". Noz.de. Retrieved 20 April 2016.
  57. "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. 20 November 2015. Retrieved 10 April 2016.
  58. "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire | Lookout Blog". Blog.lookout.com. 4 November 2015. Retrieved 10 April 2016.
  59. "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". Betanews.com. Retrieved 10 April 2016.
  60. "New Family Of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug : PERSONAL TECH". Tech Times. Retrieved 10 April 2016.
  61. Goodin, Dan (19 November 2015). "Android adware can install itself even when users explicitly reject it". Ars Technica. Retrieved 10 April 2016.
  62. "Pavel Ponomariov - Avira Blog". Avira Blog.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.