Jump to content

Shedun: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
KolbertBot (talk | contribs)
Bots
1,166,042 edits
Caramat (talk | contribs)
3 edits
m Fixed broken link
Line 1: Line 1:
'''Shedun''' is a family of [[malware]] software (also known as Kemoge, Shiftybug and Shuanet<ref>{{cite web|author=by @HackTheW0r1d |url=https://hackbails.wordpress.com/2015/11/05/trojanized-adware-already-infected-more-than-20000-android-apps/ |title=Shuanet, ShiftyBug and Shedun malware could auto-root your Android – HackBails |publisher=Hackbails.wordpress.com |date=2015-11-05 |accessdate=2016-10-02}}</ref><ref name="securityweek.com">{{cite web|url=http://www.securityweek.com/android-adware-abuses-accessibility-service-install-apps|title=Android Adware Abuses Accessibility Service to Install Apps |website=SecurityWeek.com|accessdate=2016-04-20}}</ref><ref name="manishsingh">{{cite web|url=http://gadgets.ndtv.com/apps/news/new-android-adware-can-download-install-apps-without-permission-report-768664|title=New Android Adware Can Download, Install Apps Without Permission: Report|author=Manish Singh|work=NDTV Gadgets360.com}}</ref>) targeting the [[Android (operating system)]] first identified in late 2015 by mobile security company [[Lookout (company)]], affecting roughly 20,000<ref name="appleinsider.com">{{cite web|url=http://forums.appleinsider.com/discussion/189949/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android|title=Three new malware strains infect 20k apps, impossible to wipe, only affect Android|work=AppleInsider Forums}}</ref> popular Android applications.<ref name="manishsingh"/><ref name="dailymail.co.uk">{{cite web|url=http://www.dailymail.co.uk/sciencetech/article-3306142/Hackers-reveal-Android-malware-IMPOSSIBLE-remove-Malicious-bug-20-000-apps.html|title=Hackers reveal Android trojan malware that is IMPOSSIBLE to remove|date=5 November 2015|work=Mail Online}}</ref><ref>{{cite web|last=Eran |first=Daniel |url=http://appleinsider.com/articles/15/11/05/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android |title=Three new malware strains infect 20k apps, impossible to wipe, only affect Android |publisher=Appleinsider.com |date=2015-11-05 |accessdate=2016-10-02}}</ref><ref>{{cite web|url=http://www.droidreport.com/android-malware-loose-shuanet-shiftybug-shedun-signatures-found-20000-apps-outside-google-11664|title=Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store|work=Droid Report}}</ref><ref>{{cite web|url=http://darkmatters.norsecorp.com/2015/11/20/shedun/|title=Shedun Trojan goes solo|work=Darkmatters}}</ref><ref>{{cite web|url=http://lavasoft.com/mylavasoft/company/blog/popular-mobile-apps-repackaged-with-trojans |title=Popular Mobile Apps Repackaged with Trojans |publisher=Lavasoft |date=2015-11-04 |accessdate=2016-10-02}}</ref> Lookout claimed the [[Hummingbad|HummingBad]] malware was also a part of the Shedun family, however, these claims were refuted.<ref>{{Cite web|url=http://blog.elevenpaths.com/2016/07/another-month-another-new-rooting.html|title=Another month, another new rooting malware family for Android|website=blog.elevenpaths.com|access-date=2016-10-09}}</ref><ref>{{Cite web|url=http://blog.checkpoint.com/2016/07/11/diy-attribution-classification-depth-analysis-mobile-malware/|title=DIY Attribution, Classification, and In-depth Analysis of Mobile Malware|date=2016-07-11|website=Check Point Blog|access-date=2016-10-09}}</ref>
'''Shedun''' is a family of [[malware]] software (also known as Kemoge, Shiftybug and Shuanet<ref>{{cite web|author=by @HackTheW0r1d |url=https://hackbails.wordpress.com/2015/11/05/trojanized-adware-already-infected-more-than-20000-android-apps/ |title=Shuanet, ShiftyBug and Shedun malware could auto-root your Android – HackBails |publisher=Hackbails.wordpress.com |date=2015-11-05 |accessdate=2016-10-02}}</ref><ref name="securityweek.com">{{cite web|url=http://www.securityweek.com/android-adware-abuses-accessibility-service-install-apps|title=Android Adware Abuses Accessibility Service to Install Apps |website=SecurityWeek.com|accessdate=2016-04-20}}</ref><ref name="manishsingh">{{cite web|url=http://gadgets.ndtv.com/apps/news/new-android-adware-can-download-install-apps-without-permission-report-768664|title=New Android Adware Can Download, Install Apps Without Permission: Report|author=Manish Singh|work=NDTV Gadgets360.com}}</ref>) targeting the [[Android (operating system)]] first identified in late 2015 by mobile security company [[Lookout (company)]], affecting roughly 20,000<ref name="appleinsider.com">{{cite web|url=http://forums.appleinsider.com/discussion/189949/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android|title=Three new malware strains infect 20k apps, impossible to wipe, only affect Android|work=AppleInsider Forums}}</ref> popular Android applications.<ref name="manishsingh"/><ref name="dailymail.co.uk">{{cite web|url=http://www.dailymail.co.uk/sciencetech/article-3306142/Hackers-reveal-Android-malware-IMPOSSIBLE-remove-Malicious-bug-20-000-apps.html|title=Hackers reveal Android trojan malware that is IMPOSSIBLE to remove|date=5 November 2015|work=Mail Online}}</ref><ref>{{cite web|last=Eran |first=Daniel |url=http://appleinsider.com/articles/15/11/05/three-new-malware-strains-infect-20k-apps-impossible-to-wipe-only-affect-android |title=Three new malware strains infect 20k apps, impossible to wipe, only affect Android |publisher=Appleinsider.com |date=2015-11-05 |accessdate=2016-10-02}}</ref><ref>{{cite web|url=http://www.droidreport.com/articles/2516/20151110/android-malware-loose-shuanet-shiftybug-shedun-signatures-found-20000-apps-outside-google.htm|title=Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store|last=|first=|date=|work=Droid Report|archive-url=|archive-date=|dead-url=|access-date=}}</ref><ref>{{cite web|url=http://darkmatters.norsecorp.com/2015/11/20/shedun/|title=Shedun Trojan goes solo|work=Darkmatters}}</ref><ref>{{cite web|url=http://lavasoft.com/mylavasoft/company/blog/popular-mobile-apps-repackaged-with-trojans |title=Popular Mobile Apps Repackaged with Trojans |publisher=Lavasoft |date=2015-11-04 |accessdate=2016-10-02}}</ref> Lookout claimed the [[Hummingbad|HummingBad]] malware was also a part of the Shedun family, however, these claims were refuted.<ref>{{Cite web|url=http://blog.elevenpaths.com/2016/07/another-month-another-new-rooting.html|title=Another month, another new rooting malware family for Android|website=blog.elevenpaths.com|access-date=2016-10-09}}</ref><ref>{{Cite web|url=http://blog.checkpoint.com/2016/07/11/diy-attribution-classification-depth-analysis-mobile-malware/|title=DIY Attribution, Classification, and In-depth Analysis of Mobile Malware|date=2016-07-11|website=Check Point Blog|access-date=2016-10-09}}</ref>


[[Avira]] Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day.<ref name="avira.com">{{cite web|url=http://blog.avira.com/shedun/|title=Shedun: adware/malware family threatening your Android device|work=Avira Blog}}</ref>
[[Avira]] Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day.<ref name="avira.com">{{cite web|url=http://blog.avira.com/shedun/|title=Shedun: adware/malware family threatening your Android device|work=Avira Blog}}</ref>

Revision as of 10:33, 2 January 2018

Shedun is a family of malware software (also known as Kemoge, Shiftybug and Shuanet[1][2][3]) targeting the Android (operating system) first identified in late 2015 by mobile security company Lookout (company), affecting roughly 20,000[4] popular Android applications.[3][5][6][7][8][9] Lookout claimed the HummingBad malware was also a part of the Shedun family, however, these claims were refuted.[10][11]

Avira Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day.[12] All three variants of the virus are known to share roughly ~80% of the same source code.[13][14]

In mid 2016, arstechnica reported that approximately 10.000.000 devices would be infected by this malware [15] and that new infections would still be surging.[16][17]

The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[18])[4][19][20] with adware included, the app which remains functional is then released to a third party app store;[21] once downloaded, the application generates revenue by serving ads (estimated to amount to $2 US per installation[20]), most users cannot get rid of the virus without getting a new device, as the only other way to get rid of the malware is to root affected devices and re-flash a custom ROM.[5][22][23]

In addition, Shedun-type malware has been detected pre-installed on 26 different types[24] of Chinese Android-based hardware such as Smartphones and Tablet computers.[25][26][27][28] [29][30][31][32][33][34][35][36][37][38][39]

Shedun-family malware is known for auto-rooting the Android OS [19][40] using well-known exploits like ExynosAbuse, Memexploit and Framaroot [41] (causing a potential privilege escalation[20][42][43])[44] and for serving trojanized adware and install themselves within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.[45][46]

Shedun malware is known for targeting the Android Accessibility Service,[2][45][47][48][49][50][51] as well as for downloading and installing arbitrary applications[52] (usually adware) without permission,[3] it is classified as "aggressive adware" for installing potentially unwanted program [53][54][55] applications and serving ads.[56]

As of April 2016, Shedun malware is, by most security researchers, considered to be next to impossible to remove entirely.[57][58][59][60][61][62]

Avira Security researcher Pavel Ponomariov, specialized in Android malware detection tools, mobile threats detection and mobile malware detection automation research,[63] has published an in-depth analysis of the computer virus.[12]

See also

References

  1. ^ by @HackTheW0r1d (5 November 2015). "Shuanet, ShiftyBug and Shedun malware could auto-root your Android – HackBails". Hackbails.wordpress.com. Retrieved 2 October 2016.{{cite web}}: CS1 maint: numeric names: authors list (link)
  2. ^ a b "Android Adware Abuses Accessibility Service to Install Apps". SecurityWeek.com. Retrieved 20 April 2016.
  3. ^ a b c Manish Singh. "New Android Adware Can Download, Install Apps Without Permission: Report". NDTV Gadgets360.com.
  4. ^ a b "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". AppleInsider Forums.
  5. ^ a b "Hackers reveal Android trojan malware that is IMPOSSIBLE to remove". Mail Online. 5 November 2015.
  6. ^ Eran, Daniel (5 November 2015). "Three new malware strains infect 20k apps, impossible to wipe, only affect Android". Appleinsider.com. Retrieved 2 October 2016.
  7. ^ "Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store". Droid Report. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  8. ^ "Shedun Trojan goes solo". Darkmatters.
  9. ^ "Popular Mobile Apps Repackaged with Trojans". Lavasoft. 4 November 2015. Retrieved 2 October 2016.
  10. ^ "Another month, another new rooting malware family for Android". blog.elevenpaths.com. Retrieved 9 October 2016.
  11. ^ "DIY Attribution, Classification, and In-depth Analysis of Mobile Malware". Check Point Blog. 11 July 2016. Retrieved 9 October 2016.
  12. ^ a b "Shedun: adware/malware family threatening your Android device". Avira Blog.
  13. ^ "Neue Welle von Android-Malware lässt sich kaum mehr entfernen". Elektronikpraxis.vogel.de. Retrieved 20 April 2016.
  14. ^ PMK Presse, Messe & Kongresse Verlags GmbH. "Gemeinsamkeiten: Shuanet, Shedun & ShiftyBug". Itseccity.de. Retrieved 20 April 2016.
  15. ^ Dan Goodin - Jul 7, 2016 5:50 pm UTC (7 July 2016). "10 million Android phones infected by all-powerful auto-rooting apps". Ars Technica. Retrieved 2 October 2016.{{cite web}}: CS1 maint: numeric names: authors list (link)
  16. ^ "Android Trojanized Adware 'Shedun' Infections Surge". Bankinfosecurity.com. 8 July 2016. Retrieved 2 October 2016.
  17. ^ https://www.linkedin.com/pulse/android-trojanized-adware-shedun-infections-surge-mike-rogan
  18. ^ "Android-Malware: Adware war gestern. Android-Trojaner auf dem Vormarsch". botfrei Blog.
  19. ^ a b "New type of auto-rooting Android adware is nearly impossible to remove". Ars Technica.
  20. ^ a b c Michael Mimoso. "Shuanet Adware Roots Android Devices - Threatpost - The first stop for security news". Threatpost - The first stop for security news.
  21. ^ "Adware Shedun nistet sich gegen den Willen der Nutzer in Android ein". ITespresso.de.
  22. ^ "Android Trojan Software Morphs Into Real Apps, Nearly Impossible To Remove From Device's System: Report". Yibada.
  23. ^ "Android-Malware: Neue Schadsoftware rootet Geräte und ist kaum zu entfernen - Golem.de".
  24. ^ Swati Khandelwal (3 September 2015). "26 Android Phone Models Shipped with Pre-Installed Spyware". The Hacker News.
  25. ^ "G Data : Mobile Malware Report" (PDF). Public.gdatasoftware.com. Retrieved 20 April 2016.
  26. ^ Catalin Cimpanu (4 September 2015). "24 Chinese Android Smartphone Models Come with Pre-Installed Malware". softpedia.
  27. ^ David Gilbert. "Amazon Selling $40 Android Tablets That Come With Pre-Installed Malware". International Business Times.
  28. ^ "Chinese smartphones infected with pre-installed malwareSecurity Affairs". Security Affairs.
  29. ^ "Chinese Android smartphones now shipping with pre-installed malware". SC Magazine.
  30. ^ Diane Samson. "Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones". iDigitalTimes.com.
  31. ^ "Amazon's $40 Chinese Android Tablets Infected With Pre-Installed Malware". Design & Trend.
  32. ^ Jeremy Kirk (5 March 2014). "Pre-installed malware found on new Android phones". Computerworld.
  33. ^ "G Data : Mobile Malware Report" (PDF). Public.gdatasoftware.com. Retrieved 20 April 2016.
  34. ^ Waqas. "Amazon Store, a safe haven for Android Tablets with pre-installed malware". HackRead.
  35. ^ "Pre-Installed Android Malware Raises Security Risks in Supply Chain".
  36. ^ "Some Android Phones Come With Malware Pre-Installed: Report". The Huffington Post.
  37. ^ "Brand New Android Smartphones Coming with Spyware and Malware". WCCFtech.
  38. ^ "Chinese Android smartphone comes with malware pre-installed". Graham Cluley.
  39. ^ Martin Brinkmann (8 September 2015). "Beware, your Android phone might come with preloaded spyware". gHacks Technology News.
  40. ^ "Trojan adware on Android can give itself root access". The Tech Report.
  41. ^ "Shedun, Shuanet und Shiftybug: Android-Smartphone vor Malware schützen".
  42. ^ "Android-Nutzer: Achtung vor Trojaner-Adware Shedun - Check & Secure -". - Check & Secure -.
  43. ^ "New Android adware tries to root your phone so you can't remove it". ExtremeTech.
  44. ^ "More than 20,000 apps auto-root Android devices". SC Magazine UK.
  45. ^ a b "Android's accessibility service grants god-mode p0wn power".
  46. ^ "Trojanized adware family abuses accessibility service to install whatever apps it wants | Lookout Blog". Blog.lookout.com. 19 November 2015. Retrieved 10 April 2016.
  47. ^ "Shedun trojan adware is hitting the Android Accessibility Service". Theinquirer.net. Retrieved 20 April 2016.
  48. ^ "Shedun adware can install any malicious mobile appSecurity Affairs". Security Affairs.
  49. ^ Shedun gaining accessibility service privileges. 18 November 2015 – via YouTube.
  50. ^ Dennis Schirrmacher (20 November 2015). "Android-Malware: Werbeterror wie von Geisterhand". Security.
  51. ^ "Der Adware – Trojaner Shedun". trojaner-info.de. 6 December 2015.
  52. ^ Swati Khandelwal (20 November 2015). "This Malware Can Secretly Auto-Install any Android App to Your Phone". The Hacker News.
  53. ^ "Trojaner-Adware installiert selbstständig ungewollte Android-Apps". Areamobile.de. Retrieved 20 April 2016.
  54. ^ "Shedun: Neue Android-Adware installiert Apps ohne deine Einwilligung". Androidmag.
  55. ^ John Woll. "Installation auch nach Ablehnung: Neue dreiste Android-Adware".
  56. ^ "Android Shedun Malware: New Malware That Can Grant Access to Your Phone; Malware Impossible To Be Removed?". Yibada.
  57. ^ "Gefährliche Android-Schadsoftware: Oft hilft nur neues Gerät". Noz.de. Retrieved 20 April 2016.
  58. ^ "Shedun trojan adware is hitting the Android Accessibility Service". The Inquirer. 20 November 2015. Retrieved 10 April 2016.
  59. ^ "Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire | Lookout Blog". Blog.lookout.com. 4 November 2015. Retrieved 10 April 2016.
  60. ^ "Shuanet, ShiftyBug and Shedun malware could auto-root your Android". Betanews.com. Retrieved 10 April 2016.
  61. ^ "New Family Of Android Malware Virtually Impossible To Remove: Say Hello To Shedun, Shuanet And ShiftyBug : PERSONAL TECH". Tech Times. Retrieved 10 April 2016.
  62. ^ Goodin, Dan (19 November 2015). "Android adware can install itself even when users explicitly reject it". Ars Technica. Retrieved 10 April 2016.
  63. ^ "Pavel Ponomariov - Avira Blog". Avira Blog.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Shedun&oldid=818231037"