Shedun is a family of malware (also known as Kemoge, Shiftybug and Shuanet) targeting the Android operating system, first identified in late 2015 by the mobile security company Lookout and affecting roughly 20,000 popular Android applications.
Lookout claimed that the HummingBad malware was also part of the Shedun family; however, these claims were refuted.
Avira Protection Labs stated that Shedun-family malware is detected to cause approximately 1,500-2,000 infections per day.
All three variants of the virus are known to share roughly 80% of the same source code.
In mid-2016, Ars Technica reported that approximately 10,000,000 devices would be infected by this malware and that new infections were still surging.
The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat) with adware included. The app, which remains functional, is then released to a third-party app store; once downloaded, the application generates revenue by serving ads (estimated to amount to US$2 per installation). Most users cannot get rid of the virus without getting a new device, as the only other way to remove the malware is to root the affected device and re-flash a custom ROM.
In addition, Shedun-type malware has been detected pre-installed on 26 different types of Chinese Android-based hardware such as smartphones and tablet computers.
Shedun-family malware is known for auto-rooting the Android OS using well-known exploits like ExynosAbuse, Memexploit and Framaroot (causing a potential privilege escalation), for serving trojanized adware, and for installing itself within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.
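A defender-side triage script for the two traits described above: popular apps sideloaded from an untrusted (third-party store) installer, which may be repackaged copies, and non-factory packages living in the system partition, which a factory reset will not remove. This is an added example, not code from the article or from Lookout or Avira; the `pm list packages -f -i` line format, the factory baseline set and the sample output are assumptions or constructed data.

```python
import re

# One line of `adb shell pm list packages -f -i` (assumed format, paths without spaces):
#   package:<apk path>=<package name>  installer=<installer package or null>
_PM_LINE = re.compile(r"^package:(?P<path>\S+)=(?P<pkg>[\w.]+)(?:\s+installer=(?P<inst>\S+))?$")

# Packages the factory image is expected to place in /system (constructed baseline; in
# practice derive it from a known-good firmware dump of the same device model).
FACTORY_BASELINE = {"com.android.settings", "com.android.phone", "com.android.systemui"}
# Installers treated as legitimate: Google Play, or "null" for preloaded packages.
TRUSTED_INSTALLERS = {"com.android.vending", "null"}
# Well-known package names of apps the article lists as repackaging targets.
POPULAR_APPS = {"com.facebook.katana", "com.twitter.android", "com.whatsapp"}

def parse_pm_line(line):
    # Return {"path", "package", "installer"} for one pm line, or None if unparseable.
    m = _PM_LINE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "package": m["pkg"], "installer": m["inst"] or "null"}

def triage(pm_output, baseline=FACTORY_BASELINE):
    # Flag packages showing either Shedun trait described in the article.
    findings = []
    for line in pm_output.splitlines():
        rec = parse_pm_line(line)
        if rec is None:
            continue
        if rec["path"].startswith("/system/") and rec["package"] not in baseline:
            rec["reason"] = "non-factory app in system partition (survives factory reset)"
            findings.append(rec)
        elif rec["package"] in POPULAR_APPS and rec["installer"] not in TRUSTED_INSTALLERS:
            rec["reason"] = "popular app installed from untrusted source (possible repackaged copy)"
            findings.append(rec)
    return findings

# Constructed sample output; the non-Android package names are made up, not real indicators.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
package:/system/app/AdSvc/AdSvc.apk=com.example.adsvc  installer=null
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp  installer=com.android.vending
package:/data/app/com.facebook.katana-2/base.apk=com.facebook.katana  installer=com.example.store
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_PM_OUTPUT):
        print(f"{f['package']}: {f['reason']}")
```

On a real device the baseline must come from the same model's stock firmware, otherwise legitimate OEM bloatware shows up as findings.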
Shedun malware is known for targeting the Android Accessibility Service, as well as for downloading and installing arbitrary applications (usually adware) without permission. It is classified as "aggressive adware" for installing potentially unwanted programs and serving ads.
As of April 2016, Shedun malware is considered by most security researchers to be next to impossible to entirely remove.
Avira Security researcher Pavel Ponomariov, who specializes in Android malware detection tools, mobile threat detection, and mobile malware detection automation research, has published an in-depth analysis of this malware.
The countries most infected by this virus were in Asia, including China, India, the Philippines, Indonesia and Turkey.
See also
* Brain Test
* Dendroid (Malware)
* Computer virus
* File binder
* Individual mobility
* Malware
* Trojan horse (computing)
* Worm (computing)
* Mobile operating system
Software distribution
Trojan horses
Social engineering (computer security)
Rootkits
Privilege escalation exploits
Adware
Online advertising
Android (operating system) malware
Mobile security
Spyware
Privacy
Cybercrime in India