Nov 5th, 2015

Lookout has published a new security report based on research they’ve done on adware apps. If you don’t know, adware is an app that is specifically designed to push ads to you — simple concept, no? A lot of adware is injected into shill apps that provide little or very simple functionality, but Lookout suggests there is an alarming amount of legit applications (20,000 or so) with adware injected.


Illegitimate versions of apps like Candy Crush, Facebook, Google Now, NY Times, Okta, Snapchat, Twitter and WhatsApp — which could seem fully functional to the end user — are secretly storing adware code. Lookout suggests some of these apps find their way onto Google Play, though most are typically uploaded to third-party app stores. But that isn’t even the scariest part.

The company’s research also suggests that these apps are housing more than just ad-pushing code — some even have the capability to auto-root your phone and push files to your system partition without your consent. This would make it possible for a malicious app to do practically anything it wants on your phone, including installing spyware such as keyloggers. And all it takes is the simple act of installing the app, says Lookout.


Lookout says nearly all of the apps share common characteristics, with a vast majority of the code coming from one of three families: Shuanet, ShiftyBug, and Shedun. Up to 80% of the apps share the exact same code base for executing the attacks, and they all target many of the same exploits.

The specifics of who is doing what and where aren’t that important to you, though — what’s important is knowing how to shield yourself from this madness. The typical adage applies here:

  • Try not to install apps from outside of Google Play.
  • If you have to install apps from outside Google Play, verify that the developer can be trusted. Never download an app from anywhere but its source.
  • Do research and read reviews to see if anyone has experienced anything fishy.
  • Double-check the developer accounts the apps are hosted on to be sure the apps are coming from the right source.

It may seem like a lot of legwork for simply downloading and installing an app, but it’s nothing in comparison to the legwork you’d have to do to recover from a malicious attack from the tons of shady apps out there. You can read the full report at Lookout’s blog if you’re interested.