A mobile security research company called Lookout has discovered a new kind of Android adware that is extremely powerful and equally dangerous. The firm has disclosed its findings in a blog post, and things do not look pretty for the considerable percentage of Android users who have used third-party marketplaces recently.
The people behind the malware take a popular app, repackage it with malicious code and then release it in a third-party marketplace, where they can infect thousands of users at once. The apps look completely legitimate, and in most cases they perform at almost the same level as the original apps. The researchers found more than 20,000 samples of infected apps, so the adware can be found virtually everywhere. It exists in repackaged copies of apps such as Twitter and Facebook, and even in a two-factor authentication app called Okta.
When the infected apps arrive on your device, they reconfigure themselves as system apps in order to get super-user permissions and gain access to pretty much everything on the system. Normally, Android apps are not allowed to read system files or go through passwords and the like, but system apps have a far wider range of permissions, so you can imagine what a malicious app can do with this kind of power. For now, the malware only bombards users with advertisements, but it could easily be turned to serve other purposes if needed.
The researchers suggest that the attackers have created powerful malware that can infect your system in a variety of ways and can even use multiple root exploits, which can be tailored to specific devices. The worst part is that many of these exploits are publicly available, as they are more commonly used by third-party developers in auto-rooting apps. Even though those apps ask for the user's permission before doing their thing, the exploits can easily be applied to a device without the user ever knowing about it.
The worst part of all this is that once the infected apps are inside your device, getting rid of them is not an easy process. Users who are familiar with ADB or with flashing their phones can get rid of the infected system files or just start over, but everyday users cannot do much, as factory resets do nothing to solve the issue. Sticking to Google Play is the best possible solution, as all of the infected apps come from third-party marketplaces, so try to stay away from those marketplaces for a while.
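
For readers comfortable with ADB, the claim that infected apps install themselves as system apps can be checked from a workstation. The following is an added example, not code from Lookout or from the original article: it parses saved output of `adb shell pm list packages -f` and reports packages on system partitions that are missing from a baseline listing, which is assumed to come from a clean device of the same model and build; the package names and sample listings are constructed.

```python
# Added example: flag packages on system partitions that a clean baseline lacks.
# Input is text in the format printed by `adb shell pm list packages -f`.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/")

# Constructed sample listings (not taken from any real device or report).
BASELINE_SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calculator/Calculator.apk=com.example.calculator
"""
DEVICE_SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/Flashlight/Flashlight.apk=com.example.flashlight
package:/data/app/~~Qw3r==/com.example.notes-Ab1==/base.apk=com.example.notes
"""

def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # The APK path may itself contain '=', so split on the last one only.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages

def audit_system_apps(device_text, baseline_text):
    """List (name, path, reason) for system-partition apps the baseline cannot explain."""
    device = parse_pm_list(device_text)
    baseline = parse_pm_list(baseline_text)
    findings = []
    for name, path in sorted(device.items()):
        if not path.startswith(SYSTEM_PREFIXES):
            continue  # user-installed app under /data, wiped by a factory reset
        if name not in baseline:
            findings.append((name, path, "not in baseline"))
        elif baseline[name] != path:
            findings.append((name, path, "path differs from baseline"))
    return findings

if __name__ == "__main__":
    for name, path, reason in audit_system_apps(DEVICE_SAMPLE, BASELINE_SAMPLE):
        print(f"{name}\t{path}\t{reason}")
```

A finding is only a lead for manual review: carrier or vendor updates can legitimately add system packages, so the baseline has to match the device's exact build.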