According to Avast Threat Labs, there is adware installed on devices that is not certified by Google. Named “Superfish,” this malware has appeared on devices from ZTE, Archos, myPhone, and most recently, Lenovo.
The adware itself is very difficult to remove because it is installed at the firmware level. Affected phones show pop-up ads and suffer other annoying issues because of it. Lenovo shipped the malware with its brand new PC line, meaning that “Superfish” is no longer confined to smartphones.
The Android malware comes in many shapes and sizes, but the modus operandi is the same: the infected apps (called droppers) are installed, hidden, in the list of system applications. They then download a file called a manifest, which tells the app what other files to retrieve. The dropper downloads all of those files and installs an APK (Android package kit) using a standard Android command. After that, it starts the payload service.
The payload contains Facebook, Google, and Baidu ad frameworks. In theory, the payload APK should hold back suspicious activity if it detects antivirus software, according to Avast. If that is not the case, the pop-up ads will be a nuisance to the user as they surf on their default browser. It gets far worse if the user actually installs games.
A lot of users have complained about bad ads, in spite of Avast’s efforts to disable the service via takedown requests (it was quickly restored by using another provider). The only other solution at the moment is to use mobile antivirus software available through Avast and other providers. It should uninstall the payload; however, you will have to manually go into the settings to disable the dropper.
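One way to shortlist dropper candidates before disabling anything in Settings, as an added example that is not from Avast or the original article: it parses saved output of `adb shell pm list packages -s -f` and `adb shell dumpsys package <name>`. The heuristic, the launcher and allowlist inputs, and every package name are assumptions constructed for illustration.

```python
import re

# Heuristic assumed for this example (not Avast's detection logic): the dropper
# described above is a system app that can reach the network, install APKs
# silently, and has no launcher icon.
NEEDED = {"android.permission.INTERNET", "android.permission.INSTALL_PACKAGES"}

def parse_system_packages(pm_output):
    """Parse `pm list packages -s -f` lines: package:<apk path>=<package name>."""
    pkgs = {}
    for line in pm_output.splitlines():
        if line.startswith("package:"):
            path, _, name = line[len("package:"):].strip().rpartition("=")
            pkgs[name] = path
    return pkgs

def granted_permissions(dumpsys_output):
    """Collect permissions marked granted=true in `dumpsys package <name>` output."""
    return set(re.findall(r"^[ \t]*([\w.]+): granted=true", dumpsys_output, re.M))

def dropper_candidates(pm_output, dumps, launchable, trusted):
    """System packages holding NEEDED, absent from the launcher, not allowlisted."""
    hits = []
    for name, path in parse_system_packages(pm_output).items():
        perms = granted_permissions(dumps.get(name, ""))
        if NEEDED <= perms and name not in launchable and name not in trusted:
            hits.append((name, path))
    return sorted(hits)

# Constructed sample data; every package name below is made up.
PM_OUTPUT = """\
package:/system/priv-app/StoreClient/StoreClient.apk=com.example.storeclient
package:/system/app/Browser/Browser.apk=com.example.browser
package:/system/priv-app/CrashService/CrashService.apk=com.example.crashservice
"""
GRANT = "      android.permission.{}: granted=true\n"
DUMPS = {
    "com.example.storeclient": GRANT.format("INTERNET") + GRANT.format("INSTALL_PACKAGES"),
    "com.example.browser": GRANT.format("INTERNET"),
    "com.example.crashservice": GRANT.format("INTERNET") + GRANT.format("INSTALL_PACKAGES"),
}
LAUNCHABLE = {"com.example.browser"}      # packages with a launcher activity
TRUSTED = {"com.example.storeclient"}     # installers the reviewer expects

if __name__ == "__main__":
    for name, path in dropper_candidates(PM_OUTPUT, DUMPS, LAUNCHABLE, TRUSTED):
        print(f"review: {name} ({path})")
```

A hit is only a candidate for manual review; legitimate vendor updaters match the same profile and belong in the allowlist.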
If you believe your phone or laptop is affected by the “Superfish” malware, you can find information on how to remove it on the Avast Blog.