20,000 samples of irrevocable Android adware?

[SteveISU]

"Auto-rooting adware is a worrying development in the Android ecosystem in which malware roots the device automatically after the user installs it, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated. This is a new trend for adware and an alarming one at that.​

Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others."
​

https://blog.lookout.com/blog/2015/11/04/trojanized-adware/

 

[B. Diddy]

Yeah, this is worrisome. All the more reason to avoid 3rd party appstores or shadier filesharing sites, and stick with Google Play Store or Amazon Underground.

 

[SteveISU]

I know there are a lot of impatient people who will side load an app if the don't get the latest the minute it comes out. Hopefully this will make them think twice.

 

[LeoRex]

Why do you think Google's been making it harder and harder to root? In 4.X, you could root your phone with a simple one-click app... which was a HUGE security hole that I am sure is being exploited here. When 5.0 was released and Nexus owners found out that a modified kernel was required for root, people took that as Google being hostile to users wanting admin access. I saw it differently... this reduces the chances of a malicious application weaseling its way into your system partition.

And with 6.0, things got even tighter.... root access does not guarantee read/write access to the system partition.

I'm just taking a stab at this, but I think that the devices being infected here are mostly Kitkat or older (well, any 5.0+ were probably already rooted to start with)