What makes this malware attack unusual is that it is designed to reinstall itself after you reboot your Android device, even if you have deleted all of its working components, reinfecting the system.
Dr Web has dubbed the malware Android.Oldboot, and report that it can download, install and remove applications on infected Android devices, opening opportunities for hackers to gain control and make money from the hundreds of thousands of Android devices already infected.
And, according to the researchers, it appears that the devices most at risk are those which have been reflashed with modified firmware (it’s not unusual for Android owners to root their devices and install customised versions of the operating system onto their smartphones).
Reflashing a device with modified firmware that contains the routines required for the Trojan’s operation is the most likely way this threat is introduced.
Over 90% of the infected devices determined by the Dr Web researchers are based in China (the malware’s apparent target), but there are also reports of infections amongst Android users in Spain, Italy, Germany, Russia, Brazil, the United States and some South East Asian countries.
Android malware is a growing problem, and as more criminals try to earn money by exploiting Android devices we can expect to see more and more sophisticated attacks.
Clearly it’s important for those Android users who are reflashing and rooting their devices to exercise caution over where they get they download their homebrewed alternative versions of the operating system, as it’s possible it could be harbouring malware.
And, realise this. If you’re not yet running anti-virus software on your Android device, you are playing an increasingly dangerous game.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
