When you download a popular app to your Android smartphone, make sure you know the source.
Lookout says there are a number of things that make this development worrisome. First, this new generation of malware roots the device when the user installs it, making it, for all intents, a system application.
“Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated,” Lookout's Michael Bentley writes in the company blog. “This is a new trend for adware and an alarming one at that.”
And it gets worse. Consumers are downloading this dangerous new form of adware because it has been integrated into many legitimate and popular apps, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, and WhatsApp.
Bentley says hackers simply repackage and inject malicious code into these popular applications, and then later publish them to third-party app stores. He says many of these apps are actually fully-functional, providing their usual services, in addition to the malicious code that roots the device. That means the user has no way of knowing his or her device has been compromised.
Lookout says it has found thousands of these trojanized apps in third party app stores. When a consumer downloads one of these hijacked apps, it usually means having to buy a new phone, since the malware often can't be removed.
The company says the developers of apps that have been hijacked are also victims, since their brands may suffer with the spread of the malicious adware.
Meanwhile the danger is likely to increase.
“We expect this class of trojanized adware to continue gaining sophistication over time, leveraging its root privilege to further exploit user devices, allow additional malware to gain read or write privileges in the system directory, and better hide evidence of its presence and activities,” Bentley concludes.