Android is the world's most popular smartphone operating system, so it is no surprise that criminals develop some of their most harmful malware for that platform. A program called Android.Oldboot represents the first-ever Android bootkit: a Trojan that reinstalls itself every time the system reboots.
Doctor Web, the Russian antivirus firm, first described the bootkit. According to the firm, it has spread to 350,000 devices across North America, Europe and Asia, with China in particular affected: Chinese users possess 322,000 of the Android.Oldboot-infected devices.
The bootkit works by targeting Android's kernel (the deepest part of an operating system). Any malware lodged in the kernel is extremely difficult to remove, and one that can also rewrite the device's boot procedure from there is extremely difficult, if not currently impossible, for the user to rectify. In practice this means that removing the malware manually, or even wiping the device completely, will not remove it: the system re-spawns a fresh copy upon each reboot.
Android.Oldboot is a moderately dangerous piece of malware. The program connects infected Android devices to a remote server, which can compel them to download, install and remove various apps. This is clearly a problem if it installs apps that send texts to paid services (a common threat) or if it digs through your phone's data for financial information.
Let's be clear on this issue: if you purchased your phone through a reliable retailer and chose to use its built-in software, you do not have much to worry about. Android.Oldboot spreads via infected Android builds, which means you are only at risk if you have chosen to root your Android device by "flashing" it with new firmware. If so, make sure that your installation comes from a dependable website.
Users buying devices from China should also take care, as bootkit-infected devices appear to come overwhelmingly from Chinese vendors of second-hand phones. The bad news is that if you acquire an infected device or manage to infect your own, there isn't much you can do short of flashing it with a different OS image and firmware. Even though your Android anti-virus software can remove the criminal program, anti-virus programs cannot prevent the malware from reinstalling itself upon each reboot. Developers may yet find a way to confront Android.Oldboot, but this should be a wake-up call to those who root their devices. Do so at your own risk!
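The advice above boils down to one practical check before flashing anything: confirm that the firmware image you downloaded is byte-for-byte the one the trusted source published. The script below is an added example, not code from the original article or from Doctor Web; it verifies an image's SHA-256 digest against the value a trusted publisher would list next to the download and refuses to proceed on a mismatch or a missing file. The file names and the "image" contents are constructed for illustration, and the expected digest used in the demo is simply the SHA-256 of the constructed content.

```shell
#!/bin/sh
# Added example (not from the original article): verify a downloaded firmware image
# against the SHA-256 digest published by its trusted source before flashing it.
# File names, image contents and the sample digest below are constructed.

# Compute the SHA-256 of a file, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_firmware_image <image-file> <expected-sha256>
# Returns 0 only when the file exists and its digest equals the expected value
# (hex compared case-insensitively). Any other outcome is a refusal to flash.
verify_firmware_image() {
    image="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$image" ]; then
        echo "refuse: $image not found" >&2
        return 1
    fi
    actual=$(sha256_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "ok: $image matches the published digest"
        return 0
    fi
    echo "refuse: digest mismatch for $image" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demonstration with constructed data. The "published" digest is the SHA-256 of the
# six bytes "hello\n", which stand in for a genuine image's contents.
PUBLISHED_SHA256="5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"

demo() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/boot.img"            # genuine image
    printf 'hellO\n' > "$dir/boot-tampered.img"   # one byte changed in transit

    verify_firmware_image "$dir/boot.img" "$PUBLISHED_SHA256"
    verify_firmware_image "$dir/boot-tampered.img" "$PUBLISHED_SHA256" \
        || echo "tampered image rejected, as intended"
    verify_firmware_image "$dir/missing.img" "$PUBLISHED_SHA256" \
        || echo "missing image rejected, as intended"
    rm -rf "$dir"
}

demo
```

The digest must come from a channel you trust independently of the download itself (the publisher's own page over HTTPS, or a signed release note), since a digest served alongside a tampered image from the same untrusted mirror proves nothing.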