Shedun is a family of malware software (also known as Kemoge, Shiftybug and Shuanet) targeting the Android (operating system) first identified in late 2015 by mobile security company Lookout (company), affecting roughly 20,000 popular Android applications.
Avira Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day. All three variants of the virus are known to share roughly ~80% of the same source code.
The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat) with adware included, the app which remains functional is then released to a third party app store; once downloaded, the application generates revenue by serving ads (estimated to amount to $2 US per installation), most users cannot get rid of the virus without getting a new device, as the only other way to get rid of the malware is to root affected devices and re-flash a custom ROM.
In addition, Shedun-type malware has been detected pre-installed on 26 different types of Chinese Android-based hardware such as Smartphones and Tablet computers.
Shedun-family malware is known for auto- rooting the Android OS using well-known exploits like ExynosAbuse, Memexploit und Framaroot (causing a potential privilege escalation) and for serving trojanized adware and install themselves within the system partition of the operating system, so that not even a factory reset can remove the malware from infected devices.
Shedun malware is known for targeting the Android Accessibility Service, as well as for downloading and installing arbitrary applications (usually adware) without permission, it is classified as "aggressive adware" for installing potentially unwanted program applications and serving ads.
As of April 2016, Shedun malware is, by most security researchers, considered to be next to impossible to remove entirely.
Avira Security researcher Pavel Ponomariov, specialized in Android malware detection tools, mobile threats detection and mobile malware detection automation research, has published an in-depth analysis of the computer virus.