October 8, 2015

Kemoge: Lookout protects against malware that roots devices

By Lookout

Kemoge, which Lookout tracks as ShiftyBug, is a piece of Android malware that roots a victim's device and then installs itself as a system application, which makes it very difficult to remove. Its end game is to install additional applications on the device.
The malware bundles eight different root exploits, each tailored to a particular kind of device; the majority of them target Samsung devices.
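Because the malware's persistence trick is to land on the /system partition, one practical triage check is to list every installed package with its APK path and flag anything on /system that is not in a known-good baseline for that device build. The script below is an added example written for this page, not Lookout's own tooling: it parses the `package:<path>=<name>` lines that `adb shell pm list packages -f` prints, and runs on a constructed sample in which `com.example.sysservice` is a placeholder for a suspicious package, not a real Kemoge indicator.

```python
"""Flag packages on the /system partition that are absent from a known-good baseline.

Added example (not Lookout code). Input format is that of
`adb shell pm list packages -f`, i.e. one `package:<apk-path>=<package-name>` per line.
"""
import re
from dataclasses import dataclass

# Directories where a package must have been written with root to end up.
SYSTEM_PREFIXES = ("/system/app/", "/system/priv-app/", "/system/framework/")

_LINE_RE = re.compile(r"^package:(?P<path>\S+?)=(?P<pkg>[A-Za-z0-9_.]+)$")


@dataclass(frozen=True)
class Pkg:
    name: str
    path: str

    def on_system(self) -> bool:
        """True if the APK lives on the normally read-only /system partition."""
        return self.path.startswith(SYSTEM_PREFIXES)


def parse_pm_output(text: str) -> list[Pkg]:
    """Parse `pm list packages -f` output; reject lines that do not match the format."""
    pkgs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unexpected pm line: {line!r}")
        pkgs.append(Pkg(name=m["pkg"], path=m["path"]))
    return pkgs


def unexpected_system_packages(pkgs: list[Pkg], baseline: set[str]) -> list[Pkg]:
    """Packages on /system whose names are not in the baseline taken from a clean device."""
    return sorted(
        (p for p in pkgs if p.on_system() and p.name not in baseline),
        key=lambda p: p.name,
    )


def triage(pm_output: str, baseline: set[str]) -> list[Pkg]:
    """Convenience wrapper: parse the dump and return the suspicious system packages."""
    return unexpected_system_packages(parse_pm_output(pm_output), baseline)


# Constructed sample dump (not captured from a real infected device). The last
# entry is a placeholder name standing in for a malware-planted system app.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.lookout-1/base.apk=com.lookout
package:/system/priv-app/SysService/SysService.apk=com.example.sysservice
"""

# Baseline of /system package names recorded from a clean device of the same build
# (constructed for this example).
KNOWN_GOOD = {"com.android.bluetooth", "com.android.settings"}


if __name__ == "__main__":
    for p in triage(SAMPLE_PM_OUTPUT, KNOWN_GOOD):
        print(f"UNEXPECTED SYSTEM PACKAGE: {p.name} at {p.path}")
```

The baseline has to come from a clean device of the same model and firmware build; /system contents differ between vendors and releases, so a generic allowlist produces noise. A hit on this check is a strong signal that something has written to /system, which on a stock device is only possible with root.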
Are Lookout customers protected?
Lookout protects its customers from this malware. If a customer encounters Kemoge, Lookout alerts the user and recommends they do not install the app, then walks the person through making sure the malware does not continue to download or take hold of the device.
Reports on Kemoge suggest that it may attempt to uninstall anti-malware software, such as Lookout, to protect itself from removal. Any application that successfully exploits the device to gain root access has free rein over the device and its operating system, and can use that access in nefarious ways, such as deleting other applications. However, if you have Lookout on your phone before downloading Kemoge, you are safe.
For those customers using our enterprise product, we will also alert IT administrators to the presence of Kemoge on devices in their workforce.
Who is affected?
We have watched this malware for some time, and based on our research we have found it to be most prevalent in:
  • U.S.
  • Germany
  • Great Britain
  • France
  • Russia
  • Spain
  • Japan
  • Canada
This is an Android-specific threat.
What can I do?
We consider Kemoge to be a sophisticated piece of malware. If you have Lookout installed on your device, you are protected.
Otherwise, removal is hard: once a piece of malware gains root access and installs itself on the system partition, it becomes extremely difficult to remove, and a factory reset alone will not do it, because a reset wipes the data partition but leaves /system intact. You may need to install a clean factory ROM or purchase a new device.

1 comment


alex says:

November 09, 2015 at 12:36 am

Sometimes Lookout cannot remove a malicious app. This can only be done by Titanium Backup/others with root rights. (father.trickery.ordinary.----) Since my device is already rooted from factory, apps like this are rendered useless, since removal is easier. PS: please make a forced removal for this app, since it cannot uninstall it. Used a root app, then I could successfully remove it.