It was reported on Thursday November 5th 2015 that security researchers Lookout has found three new malware programs that infect Android phones. The three malware strains have been found in about 20k apps! And that is not the scary part, which is this malware CAN NOT be removed from the device! Yes, you read right, can not be removed. You will have to replace your device to rid yourself of the infection. This is a major leap forward in the growing insecurity of the mobile device market.
The three programs named; Shedun
, Shuanet
, ShiftyBug
operate similarly yet appear to have been authored independently according to Lookout. Once infected, the malware is designed to survive a factory reset. The process is known as installing a root kit, which is the holy grail of computer vulnerabilities. This means if you for some reason did find out your device was infected, you could not wipe your phone to get rid of it.

It appears the chink in the armor for Android apps seams to be the fact that one can download common and well known apps from a 3rd party app stores. The malware has been found in apps such as Candy Crush, Facebook, Snapchat, WhatsApp, to name a few.
This issue of “Where” you get your apps from has also hit Apple a few months ago in the XcodeGhost attack. Last September, a Chinese developer has used a infected copy of Xcode to compile his iPhone app. Little did he know the infected compiler, which he obtained from unofficial sources, injected spyware with mined the user’s personal data.
The moral of the story, which has ALWAYS been true in the age of computers, be very careful of what you install, and from where you install, software and apps on ALL of your device.