A security firm named Lookout has warned smartphone users of a bug that can install itself in popular apps.
Facebook, Whatsapp and Candy Crush are some of the applications that may be at risk from the bug which has three different versions: Shifty Bug, Shedun and Shuanet.
All three bugs use similar coding and each one acts similarly by embedding itself in the app.
In a blog post, Lookout said that once the bug installs itself, it can only be removed by a professional.
“For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone.
Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy”.
The firm has pointed out that the issue refers to apps which come from third party app stores rather than the Google Play Store.
“While historically, adware hoped to convince the user to install new applications by showing banners and annoying pop ups, now it can install these third party apps without user consent.
“In this way it can heavily capitalize on the Cost Per Install paid out by web marketing companies.
“Unfortunately, should the revenue model change on clicks-per-install and ads, this may lead to malware authors using this privilege escalation for new monetization strategies”.