Android devices are being increasingly targeted by undeletable adware, researchers warn

The adware plants itself in the system partition, making it hard to delete

Nearly 15 per cent of the Android users who were targeted with mobile adware or malware last year were left with undeletable files.

That's according to the researchers from cyber security firm Kaspersky, who state that they have discovered several preinstalled adware on Android devices carrying Trojans, loaders, and other malware on top of their "legitimate" payload.

Adware is a type of malware that hides itself on a device in a bid to serve undesired adverts, including scam ads, to users. Apps containing adware are usually a big nuisance for users as they can drain battery resources, steal personal details of users, and also increase network traffic.

Kaspersky researchers say they started looking into Android adware after receiving multiple complaints from customers about intrusive ads on their devices.

A detailed analysis revealed that several adware campaigns had deployed their intrusive code either into the system partition or in the firmware.

According to researchers, infection of system partition is particularly worrying as anti-malware programmes are usually unable to access the system directories.

The researchers found many adware that had modified software components or system-critical libraries, rendering the device inoperable when an anti-malware programme did find the adware and tried to delete them.

The malicious programmes vary significantly in terms of posed threat level, ranging from Trojans that can download apps on a device without the user's knowledge, to showing annoying ads to users.

The analysis further revealed that these pre-installed adware apps usually come with less-expensive devices, whose manufacturers want to make maximum profits through in-device advertising apps, even if such apps often cause inconvenience to users.

Lezok and Triada Trojans are the most common malware that were found installed in the system partition of Android devices.

"The latter is notable for its ad code embedded not just anywhere, but directly in libandroid_runtime — a key library used by almost all apps on the device," Igor Golovin and Anton Kivva of Kaspersky state in their report.

Then there is the Agent Trojan, which hides itself in the app handling the graphical interface of the system, or in the Settings utility, which is essential for the smartphone to function properly.

Sivu Trojan is a dropper, which poses as an HTMLViewer app, and can get root access on the device.

It consists of two modules: the function of the first module is to show ads in notifications and on top of other windows.

The second module works as backdoor, allowing attackers to take control of the device, while sitting at a remote location.