RECENT ANDROID THREATS Shuanet, ShiftyBug and Shedun are not quite ready to surrender the spotlight just yet, and the latter in particular is still bothering security company Lookout.
Lookout took us into the threat rabbit hole the last time round, when it spoke in November about a rapidly spreading infection that was "virtually impossible to get rid of".
The triple threat of Shuanet, Kemoge/ShiftyBug and Shedun/GhostPush largely targeted Android users in the US and Germany.
Shedun has now broken off and made a name for itself as a significant and crafty solo act.
"Shedun, a family of trojanised adware, is more sophisticated than many think. In addition to rooting a victim's device, Lookout observed Shedun abusing the Android Accessibility Service for its malicious means. Using the Accessibility Service toolset in the delivery of malware is pretty uncommon," said Lookout head of research and response Michael Bentley in a blog post.
The malware scans through software permissions and creates havoc by approving installations that the user never authorised. It is also very tricky to remove. You can see it in action in the video below.
"Shedun takes its adware a step further. Not only does it download the unwanted apps, but it actually attempts to install them by tricking a user into enabling Shedun to control the Accessibility Service, which is designed to provide alternative ways to interact with mobile devices," added Bentley.
"Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service's legitimate features. By gaining permission to use the Accessibility Service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and press the install button without any physical interaction from the user."
The firm explained that Shedun puts bad ads on your handset, and makes money from the advertising that it serves. It is one to avoid, and Lookout reckons that more is to come. We say watch out, and be wary of where you download your Android software from. µ
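A defender-side check for the behaviour Bentley describes, added here as an example and not taken from Lookout or the original article: it lists the accessibility services enabled on a device and flags any that the owner did not knowingly turn on. The allowlist and the sample package names are assumptions made for illustration; the two adb commands are standard Android shell commands.

```python
import subprocess

# Assumption: services this device's owner knowingly enabled (constructed allowlist).
ALLOWLIST = {"com.google.android.marvin.talkback"}

def parse_enabled_services(value):
    """Parse the colon-separated ComponentName list from secure settings."""
    value = (value or "").strip()
    if value in ("", "null"):            # "null" is printed when the key is unset
        return []
    services = []
    for entry in value.split(":"):
        pkg, sep, cls = entry.strip().partition("/")
        if not (sep and pkg and cls):
            continue                     # not a package/class pair, skip it
        if cls.startswith("."):          # short form: class relative to package
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def parse_packages(pm_output):
    """Turn `pm list packages` output ("package:<name>" lines) into a set."""
    return {l.split(":", 1)[1].strip() for l in pm_output.splitlines()
            if l.startswith("package:")}

def audit(setting_value, system_pm_output, allowlist=ALLOWLIST):
    """Return every enabled accessibility service outside the allowlist.
    System status is reported, not trusted: a trojan that roots the device
    can install itself alongside system packages."""
    system = parse_packages(system_pm_output)
    return [{"package": p, "service": c, "system": p in system}
            for p, c in parse_enabled_services(setting_value)
            if p not in allowlist]

def collect_from_device():
    """Read both inputs from a USB-connected device via adb."""
    def run(*a):
        return subprocess.run(["adb", "shell", *a], capture_output=True,
                              text=True, check=True).stdout
    return (run("settings", "get", "secure", "enabled_accessibility_services"),
            run("pm", "list", "packages", "-s"))

# Constructed sample input (com.example.freegame is a made-up package).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.freegame/.svc.HelperService")
SAMPLE_SYSTEM = "package:com.android.settings\npackage:com.google.android.marvin.talkback\n"

if __name__ == "__main__":
    for f in audit(SAMPLE_SETTING, SAMPLE_SYSTEM):
        print("review:", f["package"], f["service"], "system" if f["system"] else "user-installed")
```

On a real handset, pass the two strings returned by `collect_from_device()` to `audit()`; anything it returns should be disabled under Settings > Accessibility until its origin is known.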