Own an Android Smartphone?
Hackers can install any malicious third-party app on your smartphone remotely even if you have clearly tapped a reject button of the app.
Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system’s accessibility features.
Michael Bentley, head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families:
- Shedun (GhostPush)
- Kemoge (ShiftyBug)
But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families.
The Malware Doesn’t Exploit Any Vulnerability
It is worth noting that the malware does not exploit any flaw in the service to hijack an Android device and instead relies on the service’s legitimate functionality.
During the installation, apps from the Shedun adware family tricks users into granting them access to theAndroid Accessibility Service, which is meant to provide users alternative ways to interact with their smartphone devices.
By gaining access to the accessibility service, Shedun can:
- Read the text that appears on the phone screen
- Determine an app installation prompt
- Scroll through the permission list
- Finally, Press the install button without any physical interaction from the user
You can watch the following video that shows the forced installation of an app in action.