PSA: New Android malware strain is apparently almost impossible to remove

One of the major reasons to stick to the proper marketplaces when grabbing an Android game or app is the security risk that comes with shady third-party sites and torrents. There is basically no guarantee of what you are actually getting until it is on your device. A new strain of Android malware has shown up that is apparently ‘virtually impossible’ to remove, at least for right now.

The new malware is almost on the same level as a full-blown trojan, disguising itself as popular apps and games (roughly 20K so far) and, once installed, quietly gaining root-level access on the device. Because of that level of access, simply doing a factory reset won’t remove it. For example, the Shedun family modifies install-recovery.sh, while others drop a form of the chattr command, which prevents removal of a file. That means no matter what you do, you won’t be able to get rid of it unless you know how to install a fresh ROM or carefully modify the correct system files over ADB.
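As an added example (not from the original article or its sources), here is a small triage script for the two persistence tricks just described: files in the system partition carrying the immutable attribute, and an install-recovery.sh that no longer matches the stock ROM copy. The sample `lsattr` output and every file name in it are constructed, and it is an assumption that the device provides an `lsattr` binary and a root shell to capture the listing.

```shell
#!/bin/sh
# Added triage example; sample data below is constructed, not real indicators.
# Assumed capture step on a rooted device shell: lsattr -R /system > lsattr.txt

# Read lsattr-format text ("<flags> <path>") on stdin and print every path
# whose flag field contains lowercase 'i' (immutable). Directory headers
# ("/system/xbin:") and lsattr error lines are skipped, and uppercase 'I'
# (indexed directory) is not mistaken for immutable.
immutable_files() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /i/ {
             sub(/^[^ \t]+[ \t]+/, "")   # drop the flag field, keep full path
             print
         }'
}

# Compare the install-recovery.sh pulled from the device ($1) with the copy
# extracted from the stock ROM image ($2).
# Returns 0 = identical, 1 = modified, 2 = one of the files is missing.
script_matches_stock() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    cmp -s "$1" "$2"
}

# Constructed lsattr -R listing used to exercise immutable_files.
sample_lsattr() {
cat <<'EOF'
/system/xbin:
-------------e-- /system/bin/sh
----i--------e-- /system/xbin/example_daemon
-----------I-e-- /system/lib
----i--------e-- /system/app/Example App/Example.apk
lsattr: Permission denied While reading flags on /system/lost+found
EOF
}

# Demo run on the constructed listing.
echo "Immutable files under /system (constructed sample):"
sample_lsattr | immutable_files
```

Stock Android system files do not normally carry the immutable flag, so any hit from `immutable_files` is worth inspecting before deciding between reflashing and manual cleanup.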

Once it has root-level access, it embeds itself as a system file. Those two factors together are what make it so difficult to remove. Popular apps and games like Candy Crush, WhatsApp, SnapChat, GoogleNow, and so on are downloaded from Google Play, decompiled, and have the malicious code added to them. They are then repackaged and put out on third-party websites offering free apps and games, or as torrent files.

So just a heads up: there is a new strain out there that is really nasty, and until the proper fixes are out, it is definitely something you want to avoid getting.

Websites Referenced: Lookout | Engadget | Ars Technica