New viruses for Android, found in many popular applications are introduced into the system at a level that we have to buy a new device. The problem is widespread and can become a new trend in the creation of malware for mobile platforms.
It is reported by the company Lookout, specializing in the protection of mobile devices across platforms and from multiple threats. In a detailed statement in the official blog states that in the past year Lookout experts found more than 20,000 new viruses versions of programs, including such popular as Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, etc. All of them were found in the third-party app stores and unofficial sites that distribute software for Android.
Most of the infected programs fully or almost fully preserves the functionality of the original, that is, the user does not I realize that with Candy Crush with the “left” of the site and has set itself the Trojan. Viruses are so crafty that when you install the actual “rutyat” smartphone. For most not too sophisticated technical users, this means one thing: the inability to remove the malicious program on their own. The Lookout say that does not help even the complete removal of data and factory reset – Trojans install themselves at a lower level and to deal with them there needs a special approach.
The researchers argue that although technically the program are Class adware, ie show unsolicited advertising, they have the functionality and features of the Trojans. They are quite able to set their own programs, as well as other tools to open access to data from other applications – something that Android actually prohibited, but maybe in obtaining the rights “root”. It opens to the owners of malware opportunities for access to the files, photos, contacts and correspondence victims. But even if it does not bother (“my data but someone interesting?”), Constantly appear on the screen advertising can not irritate.
The researchers studied the Trojan code, and noted several features. Firstly, the creators of viruses infect virtually everything, including even programs for corporate users (for example, Okta), but deliberately avoid antivirus and any utilities that are responsible for security.
Second, they found three various Trojan – Shuanet, Shedun and ShiftyBug. Thus 70-80% of the original code is the same three different programs. This means that the creators, and if you do not work under one roof, at least heard about each other and enjoyed the fruits of labor “colleagues.” In addition, these Trojans, as it turned out, used known exploits Memexploit, Framaroot and ExynosAbuse, widely used for “root” in Android.
According to experts Lookout this suggests that the creation of such viruses can It is put on stream very quickly, and they will become a new trend – their obvious advantages and disadvantages are practically absent. Until now the type of nasty adware could only advertise and relatively easy to clean out the system. Trojans rights “root”, implemented in Android on the system level, can not only advertise, but without permission to put the application. During the installation of its software developers are willing to pay the money, so virus creators have a direct commercial interest “to do so”.
Users should once and for all to end the habit of installing applications are not from official sites and move to Google Play. In the latter also sometimes be found not entirely “clean” program, but according to a report Lookout, set the program with “left” sites are now – like madness. Virus writers are increasingly master the functionality of adware Trojans and it will cost users more and more expensive. It’s one thing when clean the system can be reset to factory settings, and quite another, even when this is not too comfortable measure is no longer sufficient and could end up going to the store for a new smartphone. Well, or the life of your smartphone, which is constantly “spam” advertising and puts horrible without the user’s knowledge.
Also, you should know one more fact. The Lookout argue that more than 20 thousand. Infected programs they have found on the sites and services not only in such remote and exotic countries like Indonesia, India, Brazil, Mexico, Jamaica, Sudan and Iran, but also in quite civilized and close to us US , Germany and Russia.