Android malware being created faster than it can be patched

Hummer, Hummingbad, Shedun, Androis_Libskin, right_core … all do similar things. In fact, it has been discovered that they all have the same roots. And they are multiplying faster than rabbits in a good mood.

Mobile security expert Lookout says it discovered the original threat in November 2015 (I have had several releases from other vendors claiming that too), but it seems to have the most comprehensive, FUD-free information about it. It makes no claims, as have others, of a billion infections!

Its blog says the generic name is Shedun and it is adware that roots Android devices. It appears to come from infected side-loaded apps (i.e. not from Google Play) masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app.

Lookout says it has also seen it in various forms including Candy Crush, Facebook, GoogleNow, NYTimes, Snapchat, and many others – in fact, it says the malware has infected up to 20,000 apps and more are being infected.

These apps have been altered by cybercriminals using legitimate certificates and placed in third-party app stores so popular in Asia where Google Play may not be accessible. The apps are fully functional, and it is hard for a user to know if they are infected as the rooting is silent. The bottom line is you cannot trust any third-party app store.

Three similar families are associated with Shedun (GhostPush): Shuanet, ShiftyBug (Kemoge), and BrainTest. They share 71 to 82% of the codebase. They are all managed and further developed by rival Asian-based cybercriminal families.

While it is commonly said that Android with a paid antivirus/malware app is now as safe as iOS (that is another story, as Apple will not allow AV companies into its ecosystem), it is becoming clear that you need to get to Android M or N as soon as possible and you need to buy from a maker that delivers prompt updates. In the past six months, Google has patched 270 known vulnerabilities – 108 in the latest batch in July.

It is not all Android’s fault either – 60% of the patches are related to vendor-specific components from Qualcomm, MediaTek, and NVIDIA that affect everything from the software that controls Wi-Fi, graphics and sound to camera, power, and displays.

The huge issue is that these patches are being delayed by the makers and telcos, and with many brands you are lucky ever to see them at all. Google has instructions on how to check the security patch status for Nexus devices here. Pure Android must happen soon or proprietary operating systems like Tizen will be adopted.

Most paid anti-virus/malware products now provide protection, but if the user is infected the only cure is a reflash of the ROM, as the trojan lives in the infected image. Reflashing requires higher levels of technical expertise.
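The two checks the article points to, where an app was installed from and how old the device's security patch level is, can be scripted from adb output. This is an added example, not from the article or from Lookout; the sample output is constructed, the function names are hypothetical, and it assumes the `package:NAME  installer=NAME` line format printed by `pm list packages -i`.

```python
import re
from datetime import date

PLAY_INSTALLER = "com.android.vending"  # package name of the Google Play Store

# Constructed sample output (not from a real device) of:
#   adb shell pm list packages -i -3
SAMPLE_PM_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.example.thirdpartystore
"""

# Constructed sample output of:
#   adb shell getprop ro.build.version.security_patch
SAMPLE_PATCH_LEVEL = "2016-01-01\n"

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def sideloaded_packages(pm_output):
    """Return (package, installer) pairs that Google Play did not install."""
    flagged = []
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        package, installer = m.groups()
        if installer != PLAY_INSTALLER:
            flagged.append((package, installer))
    return flagged


def patch_age_days(patch_level, today):
    """Days between the reported security patch level and `today`.

    Returns None when the value is empty or malformed, which is what an
    older build that does not expose the property would produce.
    """
    try:
        patched = date.fromisoformat(patch_level.strip())
    except ValueError:
        return None
    return (today - patched).days


if __name__ == "__main__":
    for pkg, src in sideloaded_packages(SAMPLE_PM_OUTPUT):
        print(f"not from Google Play: {pkg} (installer={src})")
    print("patch age in days:", patch_age_days(SAMPLE_PATCH_LEVEL, date(2016, 7, 15)))
```

A non-Play installer is a triage signal rather than proof of infection, and `-3` lists only third-party packages, so anything already written into the system image will not appear.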


Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!

