[9][10] Avira Protection Labs stated that Shedun family malware is detected to cause approximately 1500-2000 infections per day.
[15][16] The malware's primary attack vector is repackaging legitimate Android applications (e.g. Facebook, Twitter, WhatsApp, Candy Crush, Google Now, Snapchat[17])[4][18][19] with adware included.
The app which remains functional is then released to a third party app store;[20] once downloaded, the application generates revenue by serving ads (estimated to amount to $2 US per installation[19]), most users cannot get rid of the virus without getting a new device, as the only other way to get rid of the malware is to root affected devices and re-flash a custom ROM.
[21][22] In addition, Shedun-type malware has been detected pre-installed on 26 different types[23] of Chinese Android-based hardware such as Smartphones and Tablet computers.
[42][43] Shedun malware is known for targeting the Android Accessibility Service,[2][42][44][45][46][47][48] as well as for downloading and installing arbitrary applications[49] (usually adware) without permission.