<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img class=" wp-image-2256 aligncenter" src="http://cdn2.hubspot.net/hubfs/2548414/Imported_Blog_Media/android_app_updates-600x388.jpg" alt="android_app_updates-600x388" width="421" height="272"></p> <p>There has been a recent surge of malware most commonly known as <a href="https://blog.lookout.com/blog/2016/07/06/shedun-hummingbad-hummer/">Shedun</a> or <a href="http://blog.checkpoint.com/2016/07/01/from-hummingbad-to-worse-new-in-depth-details-and-analysis-of-the-hummingbad-andriod-malware-campaign/">HummingBad</a> that has infected around 10 million Android phones. <a href="https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/">Lookout</a> discovered Shedun back in November of 2015, and found that the creators of the malware have made it quite easy to deceive their victims into unintentionally downloading the software. The user will go to the <a href="http://www.securityweek.com/leveldropper-autorooting-malware-spotted-google-play">Google Play store</a> and download what they believe is a legitimate app such as Facebook, Twitter, WhatsApp etc., but what they’re actually doing is installing the Shedun malware onto their phone.</p> <!--more--><p>Shedun is a <a href="https://en.wikipedia.org/wiki/Rootkit">rootkit</a> type of malware, which gives the threat actors access to and control over the infected user's device. A rootkit can gain access to documents and files on the device, which can allow the hackers to steal or alter any of those documents.
This type of malware has also been known to conceal other forms of password-stealing malware, such as <a href="https://en.wikipedia.org/wiki/Keystroke_logging">key loggers</a>.</p> <p><a href="https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/">Check Point</a> has stated that Shedun has the ability to read the text that is on a user's screen. The malware has been reported by <a href="http://www.bbc.com/news/technology-36744925">BBC News</a> to have the ability to watch the browsing habits of its infected host. In addition to these threats for the user, once the software is downloaded it can “insert itself deep inside a phone's operating system to help it avoid detection”. This of course makes it difficult for a person to know whether or not their phone has been infected. Users who are unaware of the infection will continue to have their devices accessed and controlled by these hackers. However, even if the user knows that they are infected with Shedun, it is hard to remove it from the device. Even if the user resets their phone to its factory settings, this won’t remove the malware from the device.</p> <p>The creators of the Shedun malware have been making about $300,000 a month from these infected users. The main way these hackers have been making this money is through fraudulent ad revenue. The <a href="http://blog.checkpoint.com/2016/07/01/from-hummingbad-to-worse-new-in-depth-details-and-analysis-of-the-hummingbad-andriod-malware-campaign/">Check Point</a> researchers believe that the creators of Shedun could potentially start increasing their profits by selling access to the devices under their control to the highest bidder.</p> <p>The countries that have been hit the worst by Shedun are China, India, the Philippines and Indonesia.</p></span>