Unkillable Android malware is still out there — how to protect yourself
Nearly 15% of all Android adware and malware strains can’t be deleted, according to new research by one of the world’s leading antivirus companies.
Moscow-based cybersecurity firm Kaspersky says a significant number of mobile users have been affected over the past year by malware infections that take root in the Android system partition.
Kaspersky explained in a press release that this type of attack “entails a high level of risk for the users of infected devices, as a security solution cannot access the system directories, meaning it cannot remove the malicious files.”
The antivirus company said that 14.8% of users who ran Kaspersky’s Android antivirus app who had been attacked with Android malware or adware in 2019 had been unable to delete it as a result of the threat being installed on the system partition.
The company also found, as stated in a posting on its technical-minded SecureList blog, that 1%-5% of its Android customers encountered this kind of unremovable adware, but that for users of budget handsets, that figure could reach 27%.
That’s because many Android devices come with pre-installed applications that cannot be deleted, and adware and malware can get hooks into those permanent apps to gain a lasting foothold.
According to Kaspersky, cybercrooks are using system-partition infections to install adware on the devices of unsuspecting users and use two methods to infect a device.
Either “the threat gains root access on a device and installs adware in the system partition, or the code for displaying ads gets into the firmware of the device before it even ends up in the hands of the consumer”.
How to stay safe from this kind of Android malware
So what can you do about this? Prevention is the best policy: Don’t buy cheap phones from no-name companies, as those are the types of devices that are most likely to have pre-installed adware or even spyware.
You’ll also want to install and run one of the best Android antivirus apps, as that will greatly improve the chances that adware and malware will be stopped before it infects your device. Don’t rely on the built-in Google Play Protect.
Unfortunately, if you do end up with a phone on which adware was installed before purchase, you’re kind of stuck with it.
“If a user purchases a device with such pre-installed advertising, it is often impossible to remove it without risking damage to the system,” said the Kaspersky blog post.
If your otherwise clean phone does end up infected by system-partition adware, then the best thing to do is to wipe the device and reinstall the Android operating system. A factory reset won’t work by itself.
In hiding
In its research, Kaspersky detected a range of malicious applications hiding in system directories.
These include Trojans such as the “unkillable” Triada downloader and others capable of installing and running apps without the user knowing, along with “less threatening” adware. In the blog post, Kaspersky researchers detailed at least 10 fairly new malware and adware strains that are “unkillable” to various degrees.
“In some cases, adware modules were pre-installed before the user even received their device, which could lead to potentially undesired and unplanned consequences,” explained the researchers.
“For instance, many smartphones have functions providing remote access to the device,” the Kaspersky blog post added. “If abused, such a feature could lead to a data compromise of a user’s device.”
Sneaky tactics
The researchers explained that many smartphone makers insert adware in their devices.
Some manufacturers let users stop or remove the adware, but many don’t, and some smartphone makers even say the ads are part of their business model so they can keep their devices cheap. (This applies to even some pricier phones, alas.)
The reality, the Kaspersky researchers said in their blog post, is that “the user generally has no choice between buying the device at the full price, or a little cheaper with lifetime advertising.”
“Our analysis demonstrates that mobile users are not only regularly attacked by adware and other threats, but their device may also be at risk even before they purchased it,” the Kaspersky press release noted. “Customers don’t even suspect that they are spending their cash on a pocket-sized billboard.”
“I advise users to look carefully into the model of smartphone they are looking to buy and take these risks into account,” said Kaspersky’s Igor Golovin. “At the end of the day, it is often a choice between a cheaper device or a more user-friendly one.”