ShiftyBug is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. ^[1]

ID: S0294

ⓘ

Type: MALWARE

Version: 1.0

Created: 25 October 2017

Last Modified: 24 October 2022

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1645		Compromise Client Software Binary	ShiftyBug is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.^[1]
Mobile	T1404		Exploitation for Privilege Escalation	ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.^[1]

References

Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.

ShiftyBug

Mobile Layer

Techniques Used

References