New Android malware is so bad, you’d better off buying a new phone

“We’ve seen Android malware that takes your photos and videos for ransom, and there’s one that can mimic your phone’s shutdown process and spy on you even though the phone appears to be off,” Stan Schroeder reports for Mashable. “But a new family of malware, detailed by security firm Lookout on Wednesday, is probably the scariest we’ve heard of: It’s so hard to remove that, in some cases, victims might be better off just buying a new device.”

“Lookout’s researchers have found 20,000 samples of three pieces of malware, named Shedun, Shuanet, and ShiftyBug, which share a lot of the same code and use similar tactics to infect the victim’s phone,” Schroeder reports. “Once installed — usually from a third-party app store — these apps root the victim’s device, embed themselves as system-level services, and shapeshift into legitimate, popular apps, including Facebook, Candy Crush, Twitter, Snapchat, WhatsApp and others.”

Schroeder reports, “Once infected, it’s very hard to remove these types of malware. “For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone,” wrote Lookout’s Michael Bentley in a blog pos”

Read more in the full article here.

MacDailyNews Take: Yet another reason for the settlers to finally go get themselves a real iPhone.

Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

[Thanks to MacDailyNews Reader “Dan K.” for the heads up.]


  1. Actually the title is quit true.
    And several people I know look at it this way…
    A Acer QuadCore 8 Mb onboard memory Android phone runs for all of 110 bucks – so if the person can get one year out of it and fills with a bung load of malware – buying another phone is very economical. Add in the carrier costs and data charges – yes a decent hundred dollar phone lasting a year and buying a new model the next is not so bad of an idea.

    1. And in addition, the removable SD card carries all contacts and other personal info. Very easy to port over to the new phone.
      My advise is… clean the fffff out of that SD card before you get a new phone peeps.

    2. Actually, I know several people who break, lose, get bored with their phone and end up with a new one at least every year! so it makes sense for them to buy the cheapest piece of crap they can find.

      Now they cannot do a lot with these phones and saving free music and pictures can be impossible or at least very hard. So they just do everything over again. And they put up with that.

      Cool. Me, I have much better things to do with my time. But I do not begrudge them their cheap phone. It serves them… well it kinda serves them… If you know what I mean. 🙂

    3. “if the person can get one year out of it”

      1) the question is ‘if’. Supposed it gets infected with bad malware say two months in, then will you still get one year of use? Unless of course you are willing to run it for another 10 months with say an app that is spying to you through the camera.

      2) how much have you wasted using a phone with malware , then buying a new phone and doing a clean install (i. e you probably can’t transfer direct from the old malware infected phone) especially if like many android users you got software from all over . What if many of your personal files and emails etc also got corrupted?

      3) if you got a $800 iPhone and sold it two years later for say $400, it means you have spent $200 a year vs your 110 for a lousy android. For an extra 100 a year you get a top of the line phone (the 6S is better by most reviewers than top of the line just as expensive samsung’s etc so it’s going to be much better than a 110 phone), superior apps, superior eco system, software updates including security patches, Apple support etc.
      The time you save using a superior phone like the finger print sensor that ‘just works’ instead of 5 trial swipes or no finger fingerprint sensor at all for a cheap android (in addition to the time saved from having not to deal with malware) is easily worth 100 a year. To most sensible people.

    4. And yet the Apple haters claim that *iPhones* get thrown in the trash after every new release.

      If you care about the environment, don’t get a cheap Android (or cheap printer, or cheap PC, or cheap ANYTHING really).

    5. Well, there is a big difference between a smartphone having NO malware and being useable (for about a year) although it has some (but not too much) malware. Based on your assessment, that’s the difference between using an iPhone and an Android phone. 🙂

      The “so hard to remove… better off just buying a new device” part is probably because a “restore” on an Android phone is done from the device. Since the device is running the procedure, it is impossible to completely erase it. For an iPhone, there is a distinction BETWEEN an Erase, done from the device to remove all user data and reset settings to default, AND a Restore, done using iTunes on a computer to completely erase the tethered device and restore it to “factory” condition.

    6. That’s a really unusual perspective, given what spyware and smart phones are. How does the device being relatively cheap, make it a good idea to allow anonymous criminals to have unrestricted access your all phone calls, emails, photographs, web history, and GPS location? What situation could possibly make exposing yourself to that level of criminal spying just an acceptable trade-off?

      Maybe you’re one of those, “I’ve got nothing to hide” folks. I totally understand how people fall for that when it’s “just” the government spying on you. But I don’t understand how you can extend that fallacy into trusting every person in the world with a criminal motive to install spyware on your phone. Have you ever imagined the many ways that can come back to bite you in you ass one day? How all that information continuously stolen from your phones could make you an easy mark for theft, robbery, extortion, or something much worse?

      Frankly, I’m worried you haven’t actually thought this through. If you have, and still think a $110 a year is a good price for all that, it’s your call.

  2. Windows is the same way. Since a lot of people only spend around $400 on a computer, it’s often more economical just to buy a new computer when they get a virus than to take it to a repair shop and get the virus removed.

          1. Same way you would not transfer infected XcodeGhost Apps, you would omit them from the transfer. Now, if you’re not knowledgeable enough to do that, it would be up to Apple and Google to remove them from their stores. Which they do.

            1. That’s a really good point! It highlights why user access to a filesystem and user control of file location is important. If you were able, you could have had separate backups, offline, that would have preserved those files.

    1. This is exactly true with Windows, in the year 2000 I bought a G4 tower that I ran daily for 10years, while my brother in law who ran a janitorial business in those 10 years went through about 10 pc’s. Every time one of his pc’s got so infected he send it off to e-waste and just buy a new one, he said it was faster and less headaches to do it that way. And I remember people balking at me about spending $2800 for my G4, well lot of people I knew spent at least that and more over the 10 years I ran that G4 into the ground. I sometimes had that thing going around the clock rendering visual efx for the work I was doing back then. Android appears to much the same.

  3. And that is why Android phones are often offered in 2-for-1 deals. Eventually, you will need to toss your first phone and start using the second one until it fills will malware.

  4. R O O T K I T !

    Toss your fragmandroid phone in the trash.
    Have your provider wipe it clean and start from scratch with THE LASTEST version of Android. If they won’t do it for you, it’s time for a class action lawsuit, IMHO.

    It’s time Android grew up and became a serious OS. Otherwise, I’d rather see it raped, killed, stabbed, burned, raped and killed some more. It’s a ridiculous OS at this point and the barrage of Android security hell has GOT TO STOP NOW.

    1. But if it stopped being trash, it might become a viable alternative to iOS.

      Then again, does it really matter? The Android OS update mechanism is so badly broken that >Last Year’s< Lollipop update is only on <25% of phones and Marshmallow doesn't even register yet. Personally I'd like to see a breakdown of the number of Lollipop users that upgraded to it or had it preinstalled on their phones. I think that's an important number that gets completely ignored.

      The Android OS upgrade procedure has been broken since day one and Google doesn't care enough to fix it. It reminds me of the old SNL bit with Gilda Radner playing a phone operator saying, "We're the phone company. We don't care. We don't have to."

      1. … Only on Google’s own Nexus phones. – Hopefully other phone makers have been remedying that.

        As a fan of competition, it would be great if Android could be a serious competitor with iOS. We know that is some ways it has been and has prompted/inspired/pushed Apple to implement upgrades to iOS to compete with Android.

        But, this Android security hell has got to stop. Google has been taking it a bit more seriously, adding at least some degree of app vetting at their Google Play Store. And yet, the Stagefright series of security holes this summer were an incredible mess, where a mere malicious message to an Android phone could mean total phone pwnage. It doesn’t get worse. Fragmandroid stopped dead any chance of it being patched on all Android phones. It’s simply not going to happen, with awful consequences.

  5. Good grief people. Reading comprehension on MDN must be at an all-time low. This is referring to 3rd party app stores, not the Google Play store.

    iPhone is inherently more secure than Android, but the average Android user in the 1st world is never going to encounter this stuff. 3rd party app stores are used in the developing world where they can’t access Google Play.

    Impoverished people can’t pull $650 out of their pocket for an iPhone. Smartphones ARE giving them the tools to do things they’ve never been able to, and smartphone to them means Android because there’s nothing else available to run the phones they can afford.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.