May 12, 2021 | Updated: 08:45 AM EDT

Android Malware On The Loose: Shuanet, ShiftyBug And Shedun Signatures Found On 20,000 Apps Outside Google Play Store

Nov 10, 2015 03:26 AM EST

Given the fact that most of Google Play Store’s offerings are free, a regular Android user may wonder why their “savvier” counterparts would choose to install apps from third-party software repositories. But these third-party app repositories exist, and they apparently enjoy a good following. More than that, these third-party app repositories are now the main ways that Android users can get their devices infected with three new Android malware “families,” dubbed “Shuanet,” “ShiftyBug,” and “Shedun.”

In the past, it was understandable why Android users would even dare to install apps from third-party sources:

-Some whitebox Androids didn’t come with Google Play Store installed, so the savvier users may have needed to find other ways to install apps with their Androids.

-When the Android platform was still new, it was a time of experimentation and there was an intense fascination with modding. Nowadays, when the Android as an OS has gotten more refined, and with new malware or vulnerabilities hogging the headlines almost every week, Android users have gotten more cautious.

-There are some apps that may not have been approved by the Google Play Store, and Android users who absolutely need these apps may have had to resort to sideloading.

However, in the quarter where experts and end users alike still haven’t gotten over the Stagefright vulnerability, there is absolutely no reason why Android users should throw caution to the wind and use third-party app repositories. If the public hasn’t learned from the iOS hacks from the heart of mainland China just yet, we should remind you that these truly malevolent malware came from unofficial, unlicensed, therefore not recommended repositories such as Cydia. In like manner, the easiest way that an Android user would get their device infected or bricked would be through sideloading apps, or downloading them from Android versions of app repositories like Cydia.

According to a report from Tech Times, the three Android malware families, Shuanet, Kemoge a.k.a. “ShiftyBug,” and Shedun a.k.a. “GhostPush,” have codes that are 71 to 82% identical, which means that these three malware families may have one group behind them, or that these codes are being passed from malware developer or hacker to another. The method of infection for these three are also largely similar: They work in the background of the device, go largely undetected, and may even root the device. The end-user, then, has no other recourse but to either have their phone re-flashed by a technician, or just get another Android altogether.

The same Tech Times report also states, and assures, that in spite of how these three malware families have already been injected into 20,000 apps, including the infected versions of Facebook, Twitter, and Snapchat, Lookout Mobile Security has reported that there are absolutely no traces of the malware code in the Google Play Store versions of these said apps.

Which brings us back to the main reason why end users’ devices would get infected in the first place: In this day and age, it is NOT a good idea to sideload apps, or to get them from sources other than the Google Play Store. The daredevils who do this to themselves shouldn’t be called “savvy.” A better term to use for them would be “foolhardy,” or just plain “foolish.” Remember, folks, the Google Play Store has a “bouncer” which works 24/7 at kicking out apps that have Android malware strains in them. Why would you risk your device and data by installing from sources outside of Google Play?


For more on the Android malware report, here is the Tech Times post:

Real Time Analytics