From the 11 vulnerabilities found, Samsung already fixed 9 of them through their Maintenance Patch in October. But 3 of them remain. The good thing is that those two vulnerabilities that remain have lower severity.
The majority of these issues were fixed on the device Google tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.
More seriously was what Lookout found this week. The team has revealed that it’s so hard to get rid of, once your smartphone is infected, you’re better off throwing it in the bin (is that bad??). According to Lookout there are thousands of samples of the malware floating around on various app stores.
Named Shedun, Shuanet, and ShiftyBug, they all share the same code and use similar tactics to infect the victim’s phone.
Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.
Unlike older types of adware that were blatantly trying to access devices, this new type of adware is silent, working secretly in the background.
Unbeknownst to the user these malicious apps root the device with victims unlikely be able to uninstall the malware.
Lookout says this may leave them with the options of either seeking out professional help to remove it, or simply purchasing a new device.
It’s thought most of the infections are coming via third party app stores, with Android users being advised to only download trusted apps from Google’s Play Store.