What is the Shedun Trojan?

What is a Trojan?

A Trojan, also referred to as a Trojan horse, is a form of malicious software or program that disguises itself as something legitimate or harmless, but contains hidden malicious code. This term draws its origins from the tale of the Trojan War in Greek mythology, where the Greeks employed a massive wooden horse as a trick to deceive the Trojans and gain access to the city of Troy.
In the realm of computer security, a Trojan operates by employing tactics that deceive users into unknowingly installing or executing it on their systems. Typically, it masquerades as a genuine file or program to trick users into believing it is safe. Once successfully installed, the Trojan can execute a range of malicious activities without the user’s awareness or consent.
Trojans are well-known for their ability to carry out a range of malicious activities with serious implications. One of their primary objectives is to steal personal information, such as login credentials and credit card details, which can result in significant privacy and security breaches for individuals. Furthermore, Trojans can go a step further by installing additional malware, exacerbating the compromised system’s vulnerability.
Trojans are a persistent and ever-evolving threat in the cybersecurity world. They utilize various distribution methods to infiltrate systems, ensuring their reach is widespread. These malicious programs can be delivered through email attachments, disguised as harmless files or programs, enticing users to unknowingly install them. They can also be found in malicious downloads, compromising websites, or even masquerading as legitimate software downloads. Once inside a system, Trojans exploit vulnerabilities in the operating system or applications, allowing them to gain unauthorized access and carry out their malicious activities.

What is the Shedun Trojan?

Shedun Trojan is a type of Android malware that belongs to the larger family of Android malware known as “adware.” Shedun is primarily designed to display intrusive advertisements and generate revenue for its creators through ad fraud. It typically spreads by disguising itself as legitimate applications on third-party app stores or by being bundled with other apps. Once installed on a device, Shedun gains root access, allowing it to modify the system settings and install additional apps without the user’s consent. It then displays unwanted ads on the infected device, often overlaying them on top of other apps or the device’s home screen. Shedun may also collect personal information and transmit it to remote servers controlled by the malware’s creators.

History of Shedun Trojan
The Shedun Trojan, also known as Shedun or GhostPush, is a prominent Android malware that made its appearance in late 2015. This malware garnered considerable attention due to its advanced features and extensive distribution. Here’s a brief history of Shedun Trojan:

  1. Discovery and Initial Infections (Late 2015): Shedun Trojan was first discovered by researchers at security firm Lookout. It was primarily distributed through third-party app stores and disguised as popular apps, such as Facebook, WhatsApp, and Twitter. Once installed, Shedun gained root access on the infected device, making it extremely difficult to remove.
  2. Large-Scale Infections and Adware Activities (2015-2016): Shedun rapidly infected numerous Android devices, particularly in regions where third-party app stores were popular. It displayed intrusive advertisements on the infected devices, generating revenue through ad fraud. The malware employed aggressive tactics, including displaying ads even when the user wasn’t using any app.
  3. Collaboration with Shuanet and ShiftyBug (2016): Shedun was found to be closely related to two other Android malware families, Shuanet and ShiftyBug. These malware families shared similar code and infrastructure, indicating a collaboration between the malware developers. Shuanet focused on SMS fraud, while ShiftyBug specialized in click fraud.
  4. Countermeasures and Removal Efforts (2016): Security companies and antivirus vendors collaborated to develop detection and removal tools for Shedun Trojan. These tools helped users identify and remove the malware from their infected devices. Google also enhanced the security measures in the Play Store to prevent the distribution of Shedun-infected apps.
  5. Evolution and Decline (2017-Present): Shedun Trojan continued to evolve, with new variants and techniques emerging over time. However, as the Android ecosystem became more secure and users became more cautious about app installations, the prevalence of Shedun decreased. While Shedun may still exist in some form, its prominence has diminished as newer threats and malware families have gained attention.

What to do if you think you have Shedun Trojan?

If you have concerns about your Android device being infected with the Shedun Trojan or any other malware, it’s crucial to act promptly to minimize the potential risks. Taking immediate action can help mitigate the threat and protect your device and personal information. Here are some steps you can follow:

  1. Disconnect from the Internet: To prevent the malware from communicating with its command-and-control servers or downloading additional malicious content, disconnect your device from the internet. This can be done by disabling Wi-Fi and mobile data.
  2. Enter Safe Mode: Restart your Android device and boot it into Safe Mode. The process to enter Safe Mode can vary depending on the device manufacturer, but typically involves pressing and holding a specific combination of buttons during the startup process. Safe Mode allows you to start the device with minimal third-party apps running, making it easier to identify and remove the malware.
  3. Uninstall Suspicious Apps: In Safe Mode, go to your device’s Settings and navigate to the “Apps” or “Application Manager” section. Look for any recently installed or suspicious-looking apps that you don’t recognize or trust. Uninstall these apps to remove the potential source of the malware. Pay attention to apps that have unusual names, misspellings, or generic icons.
  4. Clear App Data and Cache: After uninstalling suspicious apps, it’s a good practice to clear the cache and data of the remaining apps on your device. This step helps remove any remnants or temporary files associated with the malware.
  5. Install a Reputable Antivirus App: To effectively address the possibility of the Shedun Trojan or any other malware on your Android device, it’s recommended to install a reputable antivirus or anti-malware application from a trusted source, such as the Google Play Store.
  6. Update Your Android Device: Ensure that your Android device is running the latest available software updates. Manufacturers often release security patches and bug fixes to address vulnerabilities that malware may exploit.
  7. Change Passwords: To further enhance your security and protect your sensitive information from potential unauthorized access, it is advisable to change the passwords for your important accounts, such as email, banking, and social media. By creating strong and unique passwords and updating them regularly, you can fortify your defenses against potential threats and reduce the risk of unauthorized access to your valuable personal data.
  8. Stay Vigilant: Be cautious when downloading apps from third-party sources and always prefer the official Google Play Store. Pay attention to app permissions and reviews before installing any app. Additionally, regularly scan your device for malware using a trusted antivirus app and practice safe browsing habits.
    If you’re unsure about removing the malware or need further assistance, it’s recommended to consult a professional or contact your device manufacturer’s support for guidance specific to your device.

How to protect yourself and avoid infection by Shedun Trojan

To protect yourself and avoid infection by Shedun Trojan or similar Android malware, you can follow these preventive measures:

  1. Stick to Official App Stores: Download apps exclusively from the official Google Play Store or other reputable app stores. These platforms have security measures in place to detect and remove malicious apps, reducing the risk of infection.
  2. Verify App Permissions: Pay attention to the permissions requested by an app before installing it. Be cautious if an app requests excessive permissions that seem unrelated to its functionality. If a flashlight app, for example, asks for access to your contacts and messages, it could be suspicious.
  3. Update Your Device: Keep your Android device up to date with the latest software and security updates. Regularly check for system updates and install them promptly to benefit from the latest security patches and bug fixes.
  4. Enable App Verification: To enhance the security of your Android device and protect it from potential malware, it is advisable to enable the “Verify Apps” feature. This feature, powered by Google Play Protect, is built into most Android devices and scans the apps installed on your device for any potential threats or malware.
  5. Be Cautious with Third-Party Apps: Exercise caution when installing apps from third-party sources. If you choose to download apps from outside the official app stores, research the source and verify the app’s authenticity and integrity. Check user reviews, ratings, and feedback to ensure the app is trustworthy.
  6. Use Antivirus Software: Install a reputable antivirus or anti-malware app from a trusted provider. Regularly scan your device for malware and keep the antivirus software up to date. It adds an additional layer of protection by detecting and blocking potential threats.
  7. Read App Reviews and Ratings: Before downloading an app, read user reviews and check the ratings. Look out for any reports of suspicious behavior, excessive ads, or malware infections. If an app has a low rating or negative feedback, reconsider installing it.
  8. Exercise Caution with Links and Messages: Be cautious when clicking on links or downloading files from unknown or untrusted sources, especially through text messages, emails, or social media platforms. Malicious links and attachments can be used to distribute malware, including Shedun Trojan.
  9. Educate Yourself about Phishing: Learn about phishing techniques and be cautious when providing personal information online. Avoid clicking on suspicious links or providing sensitive information through unfamiliar websites or email requests.
  10. Use Strong, Unique Passwords: To bolster the security of your accounts and minimize the risk of unauthorized access, it’s crucial to use strong and unique passwords. Avoid the temptation of using the same password across multiple platforms, as it increases the vulnerability of your accounts. Instead, consider using a password manager, which securely stores and generates complex passwords for you.
    By following these preventive measures, you can significantly reduce the risk of infection by Shedun Trojan and other Android malware. Stay informed about the latest security practices and remain cautious when interacting with apps and online content.


In conclusion, Shedun Trojan is an Android malware that emerged in late 2015. It is primarily an adware that displays intrusive advertisements and generates revenue through ad fraud. Shedun gained attention for its widespread distribution and advanced capabilities.
If you suspect that your device is infected with Shedun Trojan or any other malware, it is crucial to take immediate action. Disconnect from the internet, enter Safe Mode, uninstall suspicious apps, clear app data and cache, and install a reputable antivirus app to scan and remove the malware. Additionally, staying vigilant, sticking to official app stores, verifying app permissions, updating your device, and exercising caution with third-party apps and links can help protect yourself and prevent Shedun Trojan infections.
Remember to prioritize cybersecurity practices, keep your device and apps updated, and exercise caution while downloading apps or clicking on links to maintain a secure Android device.

Press ESC to close