New trojanised adware has been discovered by mobile security firm Lookout, which is thought to affect over 20,000 popular apps available on the Google Play store.
Some of the malware posing as a legitimate version of the most popular apps include imitations of Candy Crush, Facebook, GoogleNow, Snapchat, Twitter, WhatsApp and many more.
Adware is traditionally used to aggressively push ads, but it is now becoming compromised. Auto-rooting adware infected by malware roots the device automatically after the user installs it. After this is done, it is able to embed itself as a system application, becoming very difficult to remove afterwards.
The new virus largely goes by three different names – Shedun, Shuanet and ShiftyBug, but they all act in a similar fashion.
Lookout believes anyone hit by the bug will need professional support to remove it properly – so the best way to minimise risk is by being extra vigilant when downloading new apps and taking every step possible to ensure it is definitely the official, legitimate version of the app you want.
In a blogpost, the firm acknowledged that adware has attempted to convince the user to install new apps with banners and pop-ups in the past, but now it is able to install content without the user’s permission.
“We expect this class of trojanised adware to continue gaining sophistication over time, leveraging its root privilege to further exploit user devices, allow additional malware to gain read or write privileges in the system directory, and better hide evidence of its presence and activities.”
“For individuals, getting infected with Shedun, Shuanet and ShiftyBug might mean a trip to the store to buy a new phone,” Lookout warned.