Today, thanks to the website Android Authority we learned that implementing mobile security app Lookout has discovered a new type of adware (a program that automatically displays Web advertising to the user during installation or during use to generate profit to their authors) roots the device when the user installs it, and then blends into its terminal as a system application.
By becoming itself a system application, it becomes completely invulnerable to any attempt of removal by the user. If you are among the unfortunate who have suffered adware, do not waste time to perform a factory reset, since the blend in system applications will remain intact. This is a new and sophisticated version of the typical adware which normally tends to make itelf completely unbearable to present the user with new ads continuously. Since this type of malware has root access, no need to constantly harass the user, and the worst thing is that most users do not even know if they have been affected.
Lookout, one of the security applications most recommended for Android, discovered not long ago that this family of Trojans are hidden inside the application code of Candy Crush, Google Now, Facebook, Twitter or Facebook, and these are just some examples of the more than 20,000 applications that have been infected. Nevertheless, infected versions of these applications are not directly available from the Google Play Store, but are downloaded through third-party stores as Aptoide or Blackmart.
Lookout warns that in situations in which the adware is embedded in your system, the possibilities are nearly impossible to remove it and the best solution is to acquire a new terminal. But the option proposed for Lookout is somewhat excessive, even though adware with this kind of potential is obviously a big security risk. Typically, applications are not usually given access to files created by other applications, but to get perpetrate the root access, malware exceeds this protection, which could expose infected fraud and theft of important personal data devices.
For now we know that Lookout has identified three versions of this Trojan: Shuanet, Kemoge and GhostPush. These adware families have different designers but they share 77% of their code, which means that if those responsible for their creation does not work together, at least know each other. The highest infection rates are occurring in countries like the US, Germany, Iran, India, Jamaica and Russia, among others.