If you’re one of the global majority who are Android smartphone or tablet users (essentially, anything that’s not an Apple iPhone or a Windows phone), software investigators have some startling bad news for you: your apps may already be infected with malware.

Cyberdetectives have already uncovered three strains of malware—named Shuanet, Kemoge and Shudun—that get into your device and trojanize your existing apps. They also “repackage” known apps by masquerading as the real thing. That means that apps like Facebook, Snapchat, or other similar high-volume apps become encased in these malware programs, and there is literally no way to get rid of it other than buying a new phone.

Once these malicious programs infect your device, they embed ads in all of your apps. That sounds harmless enough, especially since web-based ads are just a fact of using the internet, but these bombard your apps with so many ads that they are rendered virtually useless. The hackers, meanwhile, earn a hefty income from advertisers for placing these ads on all of your favorite places.

How do these strains of malicious software infect your device? They already exist in the apps that you download from third-party app stores.

Third-party app stores are websites that sell apps, movies, music, and other content for your phone or tablet, only there’s no security vetting. They’re basically the Wild West of technology, since there’s no oversight and anyone who develops an app can market and sell it. That means that hackers can load apps for sale in the app store, typically charging nothing or next to nothing, then take advantage of your device once you download.

One of the more notorious types of app for malicious processes has long been rumored to be the flashlight apps, many of which were available for free from the app store. It was later uncovered that many of those free light apps actually rooted out your contacts list and took the info for spam and phishing purposes. Users have been cautioned for some time now not to download flashlight apps from third-party vendors for that very reason.

When you go outside of your phone’s legitimately recognized marketplace for content, you’re taking a serious risk. The third-party sellers are notoriously under-attended, meaning they don’t have the time or manpower to inspect the code behind each and every app that gets posted for sale. Coupled with the attitudes of “everyone is welcome” that many of these sales portals have, it’s not hard to figure out why malware can get through.

Unfortunately, as researchers have explained, there’s no way to get rid of these strains of malware. Your only option is to replace your phone or tablet with a new model, and to remember to avoid the shadier side of app markets in the future.


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.