AndroidGoogleHackingHTCInternetNewsSamsungSecuritySony

This Malware Can Secretly Auto-Install any Android App to Your Phone

Own an Android Smartphone?
Hackers can install any malicious third-party app on your smartphone remotely even if you have clearly tapped a reject button of the app.
Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system’s accessibility features.
Michael Bentley, head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families:
  • Shedun (GhostPush)
  • Kemoge (ShiftyBug)
  • Shuanet

 

But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families.

The Malware Doesn’t Exploit Any Vulnerability

It is worth noting that the malware does not exploit any flaw in the service to hijack an Android device and instead relies on the service’s legitimate functionality.
During the installation, apps from the Shedun adware family tricks users into granting them access to the Android Accessibility Service, which is meant to provide users alternative ways to interact with their smartphone devices.
By gaining access to the accessibility service, Shedun can:
  • Read the text that appears on the phone screen
  • Determine an app installation prompt
  • Scroll through the permission list
  • Finally, Press the install button without any physical interaction from the user

 

Video Demonstration:

You can watch the following video that shows the forced installation of an app in action.

The trojanized app actually masquerades itself as an official app available in Google Play Store and then is pushed to third-party markets.
The worrisome part is that Shedun apps can’t be easily uninstalled, as the apps root the victim’s device and then embed themselves in the system partition in an effort to persist even after factory reset.
Legitimate applications also use the Android Accessibility Service for features like to grant expanded capability to phone tinkerers. So, users are, as always, advised to carefully make use of the third-party app markets.
Share Your Thoughts
Tags

Pascal Eugene

Founder of ‘Geek The Net’. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

Related Articles

Close