Android apps are easily available for download from different websites. But in most cases apps will be having adware, to which the user is unknown. These malicious apps auto-root the host device, and then become virtually impossible to remove.
Security firm Lookout reports that it has found over 20,000 samples of such malicious apps. These apps pretence themselves as official versions of several popular apps such as Facebook,Candy Crush, WhatsApp etc. The apps root the device, exposing it to a host of more attacks. India is among the countries that are most affected by this vulnerability.
Even after this attack the apps seem to be fully-functional and because of that a victim might not get suspicious. Most of these apps, however, only seem to display ads on the infected devices. . Since this form of malware has root access, it doesn’t need to annoy the reader, and most users probably won’t even know they’ve been infected. It’s effectively a family of trojan viruses.
The report also point out the fact that how unsafe it is to download apps from untrusted sources. It is advised that users only download apps from Google Play and have a look at the data the app seeks permission for at the time of installation. Lookout reports that successfully embedded instances of this malware are “nearly impossible” to remove, and that the only solution for most users will be to purchase a new phone.