What does it do? Shuanet automatically roots a device, installs itself on the system partition, and then installs further applications. These applications could be malicious or could be benign apps, pushed to the phone as part of a scheme to get more downloads. Shuanet may also push very aggressive and intrusive advertising to the device.
What is the risk to an enterprise? Rooted devices are in an altered state of security. Often people will root a device to customize it, but they may not know how to properly configure security and also may not receive regular software updates. Also, malware like Shuanet installs itself in the system partition, making it very difficult to remove. Even factory resetting a device infected with malware does not remove the threat. Lastly, malware that installs applications could drop further malicious apps onto the device, putting the device and its data at risk.
Examples of apps it spoofs: ADP Mobile Solutions, CamCard Free, Cisco Business Class Email (BCE), Duo Mobile, Google Authenticator, VMWare Horizon Client, Zendesk, Okta Verify.