[–] collegetoker 1 point 0 points 1 point (+1|-1) ago
This just reeks of bullshit. It doesn't offer any description of the name of the exploit, a synopsis, or anything. The article provides no information as to how to check to see if your system is infected and says that it can survive a factory reset, which doesn't seem likely.
[–] HACKhalo2 0 points 1 point 1 point (+1|-0) ago
A factory reset basically dumps the /data partition and rebuilds it from the /system partition. If a bad app were to put itself in the /system partition, then a factory reset wouldn't get rid of it, only a complete ROM reinstall would, since that overwrites every partition the phone uses.
[–] collegetoker ago
I think what you are describing is a system restore, which is categorically different.
[–] [deleted] 0 points 1 point 1 point (+1|-0) ago
[–] ttyS0 0 points 1 point 1 point (+1|-0) ago (edited ago)
Also older devices with well-known security vulnerabilities which are commonly used to root them. The malware app first uses those to gain root privileges which in turn are used to persist it as a privileged system app on the normally read-only system partition, which is resistant against a factory reset (= data partition wipe).
[–] UffishThought 0 points 5 points 5 points (+5|-0) ago
https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
The Shedun family modifies install-recovery.sh. Some variants also drop a version of the chattr command which prevents removal of a file unless the immutable bit is changed back (even as root). There will probably be a white paper in the future with low level tech details.
A new phone isn't strictly necessary - dropping in a fresh ROM would take care of matters, but many people wouldn't feel comfortable delving that deeply into their phone.
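A defender-side check for the immutable-bit persistence described in the comment above, as an added example that is not part of the thread or of Lookout's write-up: it filters `lsattr -R` output for files with the `i` attribute set under a given path. It assumes the usual "flags, space, path" output layout; the function names and all sample paths are constructed.

```shell
#!/bin/sh
# Added example: report files whose immutable ('i') attribute is set,
# reading `lsattr -R` style output on stdin. Not code from the thread.

# find_immutable PREFIX: print paths under PREFIX whose flag field has 'i'.
find_immutable() {
    prefix=${1:-/}
    while IFS= read -r line; do
        flags=${line%% *}      # first token is the attribute field
        path=${line#* }        # remainder is the path (may contain spaces)
        # Lines without a space (blank lines, bare tokens) are not entries.
        [ "$flags" = "$line" ] && continue
        # A real flag field holds only letters and dashes; this skips
        # directory headers ("/system/etc:") and "lsattr: ..." error lines.
        case $flags in
            *[!A-Za-z-]*) continue ;;
        esac
        # Keep only entries with the immutable bit.
        case $flags in
            *i*) ;;
            *) continue ;;
        esac
        # Keep only entries under the requested prefix.
        case $path in
            "$prefix"*) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample input; on a device this would come from lsattr itself.
sample_lsattr() {
cat <<'EOF'
/system/etc:
--------------e---- /system/etc/hosts
----i---------e---- /system/etc/install-recovery.sh
lsattr: Operation not supported While reading flags on /system/etc/link
----i---------e---- /system/xbin/example helper
----i---------e---- /data/local/tmp/other
EOF
}

sample_lsattr | find_immutable /system/
```

Anything this reports on the system partition is worth comparing against the stock image for the device, since a factory reset leaves that partition untouched.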
[–] WhiteSoIMustBeRacist 1 point -1 points 0 points (+0|-1) ago
I support much, much harsher penalties for people who get caught doing this. Caught producing and distributing malware? Chop off one of their hands. And do it frequently, swiftly, and publicly.