We all know that Android is the world’s most popular smartphone operating system. Unfortunately, it follows that criminals would develop some of the most harmful malware for that platform. A program called Android.Oldboot represents the first-ever Android bootkit: a Trojan that can reinstall itself every time the system reboots.
Doctor Web, the Russian antivirus firm, first described the bootkit, which it says has spread to 350,000 devices across North America, Europe and Asia, China in particular: Chinese users account for 322,000 of the Android.Oldboot-infected devices.
The bootkit works by targeting Android’s kernel (the deepest part of an operating system). Not only is any malware extremely difficult to remove from the kernel, but one that can also rewrite a device’s boot procedure from there is going to be extremely difficult, if not currently impossible, for the user to rectify. This means that removing the malware manually, or by wiping the device completely, will not actually remove it: the system re-spawns a fresh copy on each reboot.
Android.Oldboot is a moderately dangerous piece of malware. The program connects infected Android devices to a remote server, which can compel them to download, install and remove various apps. This is clearly a problem if it installs apps that send texts to premium-rate services (a common threat) or if it digs through your phone’s data for financial information.
Let’s be clear on this issue: if you purchased your phone from a reliable retailer and chose to use its built-in software, you do not have much to worry about. Android.Oldboot spreads via infected Android builds, which means you are only at risk if you have chosen to root your Android device by “flashing” it with new firmware. If so, make sure that the image you install comes from a dependable website.
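One concrete way to act on that advice, added here as an example and not part of the original article, is to refuse to flash a firmware image unless its SHA-256 digest matches the one published by the source you trust. The script below assumes the vendor or ROM project publishes such a digest alongside the download (many do, but the article does not say so); the image file it checks is constructed inline purely for demonstration.

```shell
#!/bin/sh
# Added example, not from the article: verify a downloaded firmware image
# against a published SHA-256 digest before flashing it.
#
# sha256_of FILE  -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        # macOS and some BSDs ship shasum instead of sha256sum
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_image IMAGE_PATH EXPECTED_SHA256
#   returns 0 when the digest matches (safe to flash), 1 otherwise
verify_image() {
    image="$1"
    expected="$2"
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 1; }
    actual=$(sha256_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches the published digest"
        return 0
    fi
    echo "MISMATCH: do not flash $image" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demonstration with a constructed stand-in for a firmware image.
# The "published" digest is simply the SHA-256 of the bytes "hello\n".
demo_image=$(mktemp)
printf 'hello\n' > "$demo_image"
published=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
if verify_image "$demo_image" "$published"; then
    echo "proceed to flash (e.g. fastboot flash boot \"$demo_image\")"
fi
# A tampered or swapped image fails the check and is never flashed.
if ! verify_image "$demo_image" 0000000000000000000000000000000000000000000000000000000000000000; then
    echo "flash aborted"
fi
rm -f "$demo_image"
```

The digest you compare against must come from the same trusted source over a channel you trust (the project’s own site over HTTPS, not a mirror or forum post); a checksum copied from the same untrusted page as the image proves nothing.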
Users buying devices from China should also take care, as bootkit-infected devices appear to come overwhelmingly from Chinese vendors of second-hand phones. The bad news is that if you acquire an infected device, or manage to infect your own, there isn’t much you can do short of flashing it with a different OS image and firmware. Even though your Android anti-virus software can remove the malicious program, anti-virus programs cannot prevent the malware from reinstalling itself on each reboot. Developers may yet find a way to confront Android.Oldboot, but this should be a wake-up call to those who root their device. Do so at your own risk!