Auto-Rooting Android Malware Infests Thousands Of Apps, Is Practically Impossible To Kill
Security firm Lookout has just revealed what could be one of the most hard-hitting pieces of malware to ever hit Android. It doesn't have an official name beyond being referred to as "trojanized adware", and right from the top, we can tell you that if you stick to downloading apps only through Google's Play Store, you have nothing to worry about.
There are two things that make this piece of malware so severe. First, it's effectively wrapped around legitimate apps. Users can download these apps, Facebook and Snapchat among them, and install them normally. Nothing will look out of the ordinary, and Google won't raise a fuss outside of the original warning that comes with installing out-of-store apps.
The second thing is that once installed, this malware is extremely difficult to remove. Lookout notes that in many cases, people will end up having to get a new device. That's because this malware has the unbelievable ability to automatically root the device, a process that blows the doors open for a complete device takeover.
Given the 'adware' portion of this malware, it seems unlikely that its developers are interested in messing up your device. After all, a bunk device means you won't see ads at all, and that's the sole purpose of this - to make fat stacks. As a regular user, though, it'd be incredibly annoying to see ads pop up on your screen at random.
Lookout claims that this malware is "nearly impossible to remove", but it seems extremely unlikely that it couldn't be overwritten if a user is able to flash an official ROM back over to the device and restore it from scratch - something that can be done outside of the Android OS itself. The article doesn't mention whether or not the recovery partition is affected, and even if it were, that too could be recovered if the original files can be sourced. This kind of process would require a lot of effort, but it'd beat having to run out and purchase a new phone. Though in the case of those not willing (or able) to get their hands dirty, buying a new modest device might actually be less expensive than getting the compromised one fixed in the store.
The fortunate thing in all of this is that this affects only apps downloaded outside of the official Play Store. That's all the more reason to stay within those confines, especially at the enterprise level.

