Researchers have discovered a new type of Android malware that often masquerades as a popular application such as Facebook or Twitter. This so-called "trojanized adware" can root a device and install itself as a system application, which makes removal almost impossible because the malicious code is designed to survive even a "factory data reset" wipe.
Security firm Lookout said it has found more than 20,000 samples of trojanized apps that repackage the code or other features found in apps from the Google Play store and are then posted to third-party stores. In most cases the apps are fully functional and don't alert the owner. As well as the aforementioned social media apps, the trojanized adware has also been found in copies of Candy Crush, Google Now, NYTimes, Okta, Snapchat and WhatsApp.
Once one of these apps is installed, it gains root access to the Android operating system, which means the app can break out of its restricted sandbox and take control of the entire device, its applications and data. The goal of these apps appears to be to aggressively display ads on the devices they infect in order to generate money for the attacker.