Skip to main content

Always Use Protection

November 05, 2015

The pace at which security exploits are being discovered on mobile operating systems is skyrocketing. They’re also having a major impact on device security, performance, and in some circumstances, can render your device useless and irreparably damaged. I’ll say it again. Your device can be rendered useless and irreparably damaged.  

What am I talking about?

It has a name and it’s “SHIFTY BUG”! This one is wicked and is targeted at Android devices. Within the last week, more than 20k apps have been discovered to have trojanized adware appearing as completely legitimate applications. You’re probably very familiar with some of these applications such as:

  • Candy Crush
  • Facebook
  • GoogleNow
  • NYTimesOkta
  • Snapchat

The list is just the tip of the iceberg.

What does it do?

The threats inject malicious code into popular applications that are found on the most frequented app stores. Third-party app stores are then leveraged to host the maliciously masqueraded applications and appear to be fully functional. However, the applications have the addition of a payload that is capable of rooting the device. 

If you stick with “standard” app stores such as Google Play or Amazon, the apps are fine; it is only when they are downloaded from less reputable, third-party stores that they may contain the malware.  

I can stop this, right?

Not so fast. Earlier iterations of the adware were relatively simplistic in nature and considered to be more of a nuisance. You may notice adware popups inside your applications; but oftentimes this latest breed will run silently in the background and compromise your device without your knowledge. If your device has been infected, you will very likely be unable to remove it without the assistance of a professional or be faced with the decision of purchasing a new device.

As with many other exploits, this too has genealogy to known threats. If you’re familiar with Memexploit, Framaroot or ExynosAbuse, then you’re probably aware of the control an application can gain through the exploits.

Ok, I get it. I should always have protection, right?

RIGHT!  If you’re like most people, then you’re carrying around a lot of sensitive information on your device(s) that you don’t want getting out in to the wild.  Also, if you want to avoid the hundreds of dollars in cost of having to purchase a new device then protect your device(s) with mobile security software that is capable of detecting and protecting you from known and unknown threats.

Here’s another perspective that may help:

Co$t_of_prevention < co$t_of_remediation

Related Blogs

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

August 11, 2015

Pull My Finger...print

It appears yet another Android vulnerability has been identified that is worthy of mention. As you may know, a few days ago at the Black Hat conferenc...

See Details

June 20, 2014

Android Hacker’s Handbook Crowd Sourced Q & A Session

Recently I participated in a live crowd sourced question and answer session on a popular user-submitted content website. Along with my fellow authors ...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 15, 2014

Application Security by Obscurity | Optiv

“Security by obscurity” is a pejorative term to most in the security industry and with good reason. Typically, it’s just a matter of time before light...

See Details

May 05, 2011

Mobile Security Universal Issues | Optiv

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security.  A lot of these conver...

See Details

April 02, 2010

Enterprise Management - Network Security Threats | Optiv

I visit lots of customer sites each year and see many security-related commonalities amongst them. At the top of this list, from a network security pe...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.