Two weeks ago, Ars reported on newly discovered Android adware that is practically impossible to uninstall. Now, researchers have uncovered malicious apps that can get installed even when a user has expressly tapped a button rejecting the app.
The hijacking happens following a user has installed a trojanized app that masquerades as an official app offered in Google Play and then is made obtainable in third-party markets. During the installation, apps from an adware family identified as Shedun try to trick men and women into granting the app handle more than the Android Accessibility Service, which is developed to supply vision-impaired users alternative approaches to interact with their mobile devices. Ironically enough, Shedun apps try to achieve such manage by displaying dialogs such as this 1, which promises to aid weed out intrusive advertisements.
From that point on, the app has the potential to show popup advertisements that set up very intrusive adware. Even in situations where a user rejects the invitation to set up the adware or takes no action at all, the Shedun-spawned app uses its control over the accessibility service to install the adware anyway.