ShiftyBug is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. [1]

ID: S0294
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1645 Compromise Client Software Binary

ShiftyBug is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.[1]

Mobile T1404 Exploitation for Privilege Escalation

ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.[1]