Friday, November 20, 2015

Android Adware Can Install Itself After Being Denied By User.

Researchers have discovered a malicious apps which can get installed on android device even when a user has specifically tapped a button rejecting the app.

The hijacking take effect once a user has installed a trojanized app that disguises iitself as an Play-Store app and then it appears in third-party markets. Throughout the installation, apps from an adware family called Shedun attempt to trick individuals into granting the app management over the android Accessibility Service, that is intended to grant vision-impaired users alternate approach to act with their android mobile devices. Ironically adequate, Shedun apps attempts to gain such authority over the devices by displaying dialogs like this one, that assure to assist to get rid of such invasive

advertisements.
The following video shows the forced installation in action.


From that time on, the app has the power to show pop-up ads that install extremely invasive adware. Even in cases wherever a user rejects the request to install the adware or even ignores the request, the Shedun-generated app uses its management over the accessibility service to install the adware anyway.

"Shedun does'nt exploit a vulnerability in the service," researchers from mobile security company Lookout wrote in a blog. "Instead it make use of the service’s valid features. By getting the authorization to use the accessibility service, Shedun can now read the text that emerges on the screen, Confirms if an application installation prompt is shown, scroll through the permission list, and eventually, tap the install button without any touching or physical interaction from the user."

Shedun is one of the variant of adware that can't be easily uninstalled that's due to the apps that root the device and then insert itself into the system partition to ensure they remain in the user device even when the device is factory reset.


Lookout labelled them as "trojanized adware" because the ultimate goal of this malware is to install secondary apps & serve aggressive advertising. 
The ability to use social engineering to hijack the Android Accessibility Service is one more sign of the ability and ingenuity placed into this new variant of application. So User Should anxiously weigh the risks and advantages of installing apps from this third-party app markets. User should also be extremely suspicious of any app that asks for accessing control over the Android Accessibility Service.

No comments:

Post a Comment