Lookout.com has published a blog article yesterday that states they have detected over 20,000 Auto-rooting Adware Apps in the Google Android (mobile) eco-system of virtual storefronts and applications.
Mobile phones using the Android operating system are at serious risk, potentially requiring users to seek professional help in removing malicious code after installing popular apps, such as Facebook, from the Google Play store (along with many other stores). The malware is classified as an auto-rooting Trojan horse.
Auto-rooting is a technique that malware uses to keep re-installing or re-infecting itself back into a system that has supposedly just been cleaned. It is the most difficult type of malware to purge from a device or computer.
As this article in Lookout states,
″malware roots the device automatically after the user installs the infected application, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated.”
These infected app aren’t only found in odd storefronts. The article goes on to say,
“Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores.”
And don’t think these are the typical free flashlight apps. They are repackaging infected versions of very popular apps that millions of users would immediately add to their new phone, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat and Twitter.”
“Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.”
Read more: Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire (https://blog.lookout.com/blog/2015/11/04/trojanized-adware/)