Shedun
Shedun is a family of malware (also known as Kemoge, Shiftybug and Shuanet[1][2][3]) targeting the Android operating system, first identified in late 2015 by mobile security company Lookout and affecting roughly 20,000[4] popular Android applications.[3][5][6][7][8] Lookout claimed the HummingBad malware was also part of the Shedun family; however, these claims were refuted.[9][10]
Avira Protection Labs stated that Shedun family malware has been detected causing approximately 1500-2000 infections per day.[11] All three variants of the virus are known to share roughly 80% of the same source code.[12][13]
In mid-2016, Ars Technica reported that approximately 10,000,000 devices were infected by this malware[14] and that new infections were still surging.[15][16]
The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[17])[4][18][19] with adware included. The app, which remains functional, is then released to a third-party app store;[20] once downloaded, the application generates revenue by serving ads (estimated to amount to US$2 per installation[19]). Most users cannot get rid of the virus without getting a new device, as the only other way to get rid of the malware is to root affected devices and re-flash a custom ROM.[21][22]
In addition, Shedun-type malware has been detected pre-installed on 26 different types[23] of Chinese Android-based hardware such as smartphones and tablet computers.[24][25][26][27][28][29][30][31][32][33][34][35][36]
Shedun-family malware is known for auto-rooting the Android OS[18][37] using well-known exploits like ExynosAbuse, Memexploit and Framaroot[38] (causing a potential privilege escalation[19][39][40])[41] and for serving trojanized adware and installing itself within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.[42][43]
Shedun malware is known for targeting the Android Accessibility Service,[2][42][44][45][46][47][48] as well as for downloading and installing arbitrary applications[49] (usually adware) without permission.[3] It is classified as "aggressive adware" for installing potentially unwanted programs[50][51][52] and serving ads.[53]
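Added example (not from the original article or any vendor's tooling): a defender-side triage of adb inventory output for the two traits described above, apps on the system partition that survive a factory reset and unexpected enabled accessibility services. The firmware baseline, the allowlist and all com.example.* package names are constructed assumptions.

```python
# Constructed output of: adb shell pm list packages -f
PM_LIST = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/TalkBack/TalkBack.apk=com.google.android.marvin.talkback
package:/system/app/SysUpdater/SysUpdater.apk=com.example.sysupdater
package:/data/app/~~c29tZQ==/com.example.game-Zm9v==/base.apk=com.example.game
"""
# Constructed output of:
#   adb shell settings get secure enabled_accessibility_services
A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
        "com.example.game/com.example.game.HelperService")

# Assumed inputs: package names taken from a clean firmware image, and
# accessibility packages the device owner knowingly enabled.
FIRMWARE_BASELINE = {"com.android.settings", "com.google.android.marvin.talkback"}
A11Y_ALLOWLIST = {"com.google.android.marvin.talkback"}
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")


def parse_pm_list(text):
    """Map package name -> APK path from `pm list packages -f` lines."""
    packages = {}
    for line in text.splitlines():
        if line.startswith("package:"):
            # The APK path may itself contain '=', so split on the last one.
            path, _, name = line[len("package:"):].rpartition("=")
            if path and name:
                packages[name.strip()] = path
    return packages


def parse_a11y(value):
    """Return package names from a colon-separated ComponentName list."""
    if value.strip() in ("", "null"):  # "null" means nothing is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.strip().split(":") if comp}


def triage(pm_text, a11y_value, baseline, allowlist):
    packages = parse_pm_list(pm_text)
    on_system = {n for n, p in packages.items() if p.startswith(SYSTEM_PREFIXES)}
    return {
        # A factory reset does not wipe the system partition.
        "unexpected_system_apps": sorted(on_system - baseline),
        # An accessibility service can act on the UI on the user's behalf.
        "unexpected_a11y_services": sorted(parse_a11y(a11y_value) - allowlist),
    }


if __name__ == "__main__":
    print(triage(PM_LIST, A11Y, FIRMWARE_BASELINE, A11Y_ALLOWLIST))
```

A hit is a lead for manual review, not a verdict: carrier and OEM builds ship system apps that a generic baseline will not list.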
As of April 2016, Shedun malware is considered by most security researchers to be next to impossible to entirely remove.[54][55][56][57][58][59]
Avira Security researcher Pavel Ponomariov, who specializes in Android malware detection tools, mobile threat detection, and mobile malware detection automation research,[60] has published an in-depth analysis of this malware.[11]
The countries most infected by this virus were in Asia, including China, India, the Philippines, Indonesia and Turkey.[61]
See also
- Brain Test
- Dendroid (Malware)
- Computer virus
- File binder
- Individual mobility
- Malware
- Trojan horse (computing)
- Worm (computing)
- Mobile operating system
References
- ↑ @HackTheW0r1d (2015-11-05). "Shuanet, ShiftyBug and Shedun malware could auto-root your Android – HackBails". Hackbails.wordpress.com. https://hackbails.wordpress.com/2015/11/05/trojanized-adware-already-infected-more-than-20000-android-apps/. Retrieved 2016-10-02.
- ↑ 2.0 2.1 "Android Adware Abuses Accessibility Service to Install Apps". http://www.securityweek.com/android-adware-abuses-accessibility-service-install-apps. Retrieved 2016-04-20.
- ↑ 3.0 3.1 3.2 Manish Singh. "New Android Adware Can Download, Install Apps Without Permission: Report". NDTV Gadgets360.com. http://gadgets.ndtv.com/apps/news/new-android-adware-can-download-install-apps-without-permission-report-768664.
- ↑ 4.0 4.1 "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". AppleInsider Forums. http://forums.appleinsider.com/discussion/189949/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android.
- ↑ Eran, Daniel (2015-11-05). "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". Appleinsider.com. http://appleinsider.com/articles/15/11/05/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android. Retrieved 2016-10-02.
- ↑ "Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store". Droid Report. http://www.droidreport.com/articles/2516/20151110/android-malware-loose-shuanet-shiftybug-shedun-signatures-found-20000-apps-outside-google.htm.
- ↑ "Shedun Trojan goes solo". Darkmatters. http://darkmatters.norsecorp.com/2015/11/20/shedun/.
- ↑ "Popular Mobile Apps Repackaged with Trojans". Lavasoft. 2015-11-04. http://lavasoft.com/mylavasoft/company/blog/popular-mobile-apps-repackaged-with-trojans. Retrieved 2016-10-02.
- ↑ "Another month, another new rooting malware family for Android". http://blog.elevenpaths.com/2016/07/another-month-another-new-rooting.html.
- ↑ "DIY Attribution, Classification, and In-depth Analysis of Mobile Malware". 2016-07-11. http://blog.checkpoint.com/2016/07/11/diy-attribution-classification-depth-analysis-mobile-malware/.
- ↑ 11.0 11.1 "Shedun: adware/malware family threatening your Android device". Avira Blog. 3 September 2015. http://blog.avira.com/shedun/.
- ↑ "Neue Welle von Android-Malware lässt sich kaum mehr entfernen". http://www.elektronikpraxis.vogel.de/iot/security/articles/510900/. Retrieved 2016-04-20.
- ↑ PMK Presse, Messe & Kongresse Verlags GmbH. "Gemeinsamkeiten: Shuanet, Shedun & ShiftyBug". http://www.itseccity.de/virenwarnung/hintergrund/lookout021215.html. Retrieved 2016-04-20.
- ↑ Dan Goodin (2016-07-07). "10 million Android phones infected by all-powerful auto-rooting apps". Ars Technica. https://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/. Retrieved 2016-10-02.
- ↑ "Android Trojanized Adware 'Shedun' Infections Surge". Bankinfosecurity.com. 2016-07-08. http://www.bankinfosecurity.com/android-trojanized-adware-shedun-infections-surge-a-9249. Retrieved 2016-10-02.
- ↑ "Android Trojanized Adware 'Shedun' Infections Surge". https://www.linkedin.com/pulse/android-trojanized-adware-shedun-infections-surge-mike-rogan.
- ↑ "Android-Malware: Adware war gestern. Android-Trojaner auf dem Vormarsch.". botfrei Blog. 9 November 2015. https://blog.botfrei.de/2015/11/android-trojaner-auf-dem-vormarsch/.
- ↑ 18.0 18.1 "New type of auto-rooting Android adware is nearly impossible to remove". Ars Technica. 4 November 2015. https://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/.
- ↑ 19.0 19.1 19.2 Michael Mimoso. "Shuanet Adware Roots Android Devices". Threatpost. https://threatpost.com/shuanet-adware-rooting-android-devices-via-trojanized-apps/115265/.
- ↑ "Adware Shedun nistet sich gegen den Willen der Nutzer in Android ein". ITespresso.de. 23 November 2015. http://www.itespresso.de/2015/11/23/shedun-adware-nistet-sich-gegen-den-willen-der-nutzer-in-android-ein/.
- ↑ "Android Trojan Software Morphs Into Real Apps, Nearly Impossible To Remove From Device's System: Report". Yibada. http://en.yibada.com/articles/82763/20151108/android-trojan-software-morphs-real-apps-nearly-impossible-remove-device.htm.
- ↑ "Android-Malware: Neue Schadsoftware rootet Geräte und ist kaum zu entfernen - Golem.de". http://www.golem.de/news/android-malware-schadsoftware-rootet-und-infiziert-geraete-unwiederbringlich-1511-117307.html.
- ↑ Swati Khandelwal (3 September 2015). "26 Android Phone Models Shipped with Pre-Installed Spyware". The Hacker News. http://thehackernews.com/2015/09/android-smartphone-malware.html.
- ↑ "G Data : Mobile Malware Report". https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_US.pdf. Retrieved 2016-04-20.
- ↑ Catalin Cimpanu (4 September 2015). "24 Chinese Android Smartphone Models Come with Pre-Installed Malware". softpedia. http://news.softpedia.com/news/24-chinese-android-smartphones-models-come-with-pre-installed-malware-490930.shtml.
- ↑ David Gilbert (12 November 2015). "Amazon Selling $40 Android Tablets That Come With Pre-Installed Malware". International Business Times. http://www.ibtimes.com/amazon-selling-40-android-tablets-come-pre-installed-malware-2181424.
- ↑ "Chinese smartphones infected with pre-installed malware". Security Affairs. 2 September 2015. http://securityaffairs.co/wordpress/39821/hacking/chinese-smartphones-pre-installed-malware.html.
- ↑ "Chinese Android smartphones now shipping with pre-installed malware". SC Magazine. http://www.scmagazine.com/chinese-android-smartphones-now-shipping-with-pre-installed-malware/article/436655/.
- ↑ Diane Samson. "Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones". iDigitalTimes.com. http://au.idigitaltimes.com/malware-found-pre-installed-xiaomi-huawei-lenovo-phones-107190.
- ↑ "Amazon's $40 Chinese Android Tablets Infected With Pre-Installed Malware". Design & Trend. http://www.designntrend.com/articles/64631/20151113/amazon-s-40-chinese-android-tablets-infected-pre-installed-malware.htm.
- ↑ Jeremy Kirk (5 March 2014). "Pre-installed malware found on new Android phones". Computerworld. http://www.computerworld.com/article/2488173/security0/pre-installed-malware-found-on-new-android-phones.html.
- ↑ "G Data : Mobile Malware Report". https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf. Retrieved 2016-04-20.
- ↑ Waqas (14 November 2015). "Amazon Store, a safe haven for Android Tablets with pre-installed malware". HackRead. https://www.hackread.com/amazon-safe-haven-for-android-tablets-malware/.
- ↑ "Pre-Installed Android Malware Raises Security Risks in Supply Chain". October 2021. https://tafsiran.com/cara-mengatasi-layanan-google-play-terus-berhenti/.
- ↑ "Some Android Phones Come With Malware Pre-Installed: Report". The Huffington Post. http://www.huffingtonpost.com/entry/android-malware-pre-installed_us_55e6f2e8e4b0aec9f355271f.
- ↑ "Brand New Android Smartphones Coming with Spyware and Malware". WCCFtech. 4 September 2015. http://wccftech.com/brand-android-smartphones-coming-spyware-malware/.
- ↑ "Trojan adware on Android can give itself root access". The Tech Report. 5 November 2015. http://techreport.com/news/29281/trojan-adware-on-android-can-give-itself-root-access.
- ↑ "Shedun, Shuanet und Shiftybug: Android-Smartphone vor Malware schützen". http://praxistipps.chip.de/shedun-shuanet-und-shiftybug-android-smartphone-vor-malware-schuetzen_44475.
- ↑ "Android-Nutzer: Achtung vor Trojaner-Adware Shedun". Check & Secure. http://blog.check-and-secure.com/android-nutzer-achtung-vor-trojaner-adware-shedun_15-11-25/.
- ↑ "New Android adware tries to root your phone so you can't remove it". ExtremeTech. http://www.extremetech.com/mobile/217544-new-android-adware-tries-to-root-your-phone-so-you-cant-remove-it.
- ↑ "More than 20,000 apps auto-root Android devices". SC Magazine UK. 30 January 2022. http://www.scmagazineuk.com/more-than-20000-apps-auto-root-android-devices/article/451797/.
- ↑ 42.0 42.1 "Android's accessibility service grants god-mode p0wn power". https://www.theregister.co.uk/2015/11/20/shedun_adware/.
- ↑ "Trojanized adware family abuses accessibility service to install whatever apps it wants | Lookout Blog". 2015-11-19. https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/. Retrieved 2016-04-10.
- ↑ "Shedun trojan adware is hitting the Android Accessibility Service". http://www.theinquirer.net/inquirer/news/2435721/shedun-trojan-adware-is-hitting-the-android-accessibility-service. Retrieved 2016-04-20.
- ↑ "Shedun adware can install any malicious mobile app". Security Affairs. 22 November 2015. http://securityaffairs.co/wordpress/42164/malware/shedun-trojanized-adware.html.
- ↑ Shedun gaining accessibility service privileges. 18 November 2015 – via YouTube.
- ↑ Dennis Schirrmacher (20 November 2015). "Android-Malware: Werbeterror wie von Geisterhand". Security. http://www.heise.de/security/meldung/Android-Malware-Werbeterror-wie-von-Geisterhand-3009688.html.
- ↑ "Der Adware – Trojaner Shedun". trojaner-info.de. 6 December 2015. http://www.trojaner-info.de/news2/der-adware-trojaner-shedun.html.
- ↑ Swati Khandelwal (20 November 2015). "This Malware Can Secretly Auto-Install any Android App to Your Phone". The Hacker News. http://thehackernews.com/2015/11/android-malware-auto-install.html.
- ↑ "Trojaner-Adware installiert selbstständig ungewollte Android-Apps". http://www.areamobile.de/news/35337-trojaner-adware-installiert-selbststaendig-ungewollte-android-apps. Retrieved 2016-04-20.
- ↑ "Shedun: Neue Android-Adware installiert Apps ohne deine Einwilligung". Androidmag. 25 November 2015. http://androidmag.de/news/technik-news/shedun-neue-android-adware-installiert-apps-ohne-deine-einwilligung/.
- ↑ John Woll (23 November 2015). "Installation auch nach Ablehnung: Neue dreiste Android-Adware". http://winfuture.de/news,89953.html.
- ↑ "Android Shedun Malware: New Malware That Can Grant Access to Your Phone; Malware Impossible To Be Removed?". Yibada. http://en.yibada.com/articles/90437/20151201/android-shedun-malware.htm.
- ↑ "Gefährliche Android-Schadsoftware: Oft hilft nur neues Gerät". 9 November 2015. http://www.noz.de/deutschland-welt/gut-zu-wissen/artikel/635820/gefahrliche-android-schadsoftware-oft-hilft-nur-neues-gerat-1. Retrieved 2016-04-20.
- ↑ "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. 2015-11-20. http://www.theinquirer.net/inquirer/news/2435721/shedun-trojan-adware-is-hitting-the-android-accessibility-service. Retrieved 2016-04-10.
- ↑ "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire | Lookout Blog". 2015-11-04. https://blog.lookout.com/blog/2015/11/04/trojanized-adware/. Retrieved 2016-04-10.
- ↑ "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". 5 November 2015. http://betanews.com/2015/11/05/shuanet-shiftybug-and-shedun-malware-could-auto-root-your-android/. Retrieved 2016-04-10.
- ↑ "New Family Of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug : PERSONAL TECH". Tech Times. 9 November 2015. http://www.techtimes.com/articles/104373/20151109/new-family-of-android-malware-virtually-impossible-to-remove-say-hello-to-shedun-shuanet-and-shiftybug.htm. Retrieved 2016-04-10.
- ↑ Goodin, Dan (2015-11-19). "Android adware can install itself even when users explicitly reject it". Ars Technica. https://arstechnica.com/security/2015/11/android-adware-can-install-itself-even-when-users-explicitly-reject-it/. Retrieved 2016-04-10.
- ↑ "Pavel Ponomariov - Avira Blog". Avira Blog. http://blog.avira.com/author/pavel-ponomariov/.
- ↑ Schwartz, Mathew J. "Android Trojanized Adware 'Shedun' Infections Surge". https://www.bankinfosecurity.com/android-trojanized-adware-shedun-infections-surge-a-9249.
Original source: https://en.wikipedia.org/wiki/Shedun.