Android rootkits – malware on your smartphone

Many of you are probably familiar with the concept of rootkits – malicious software that lurks hidden at a low level on your Windows or Unix computer, remaining undetected by conventional anti-virus software.

Although new rootkits can be prevented from infecting your computer, if you had any rootkits before you installed your anti-virus, they may never be revealed. This threat really began to capture the headlines a couple of years ago, and as a result security vendors like Sophos provided free anti-rootkit software for Windows users to check and clean up their systems.

But rootkits aren’t just limited to conventional desktop operating systems.

Earlier this year we saw two scientists from Rutgers University discuss the possibility of smartphone rootkits, and now – according to media reports – security researchers are planning to demonstrate a malicious rootkit for Google’s Android operating system.


Trustwave’s Nicholas J Percoco and Christian Papathanasiou are planning to give a live demonstration at DEF CON next month of the kernel-level Android rootkit they have developed. Percoco and Papathanasiou claim that the rootkit – once activated – could be used to track the location of the mobile phone’s owner, read their private SMS messages, and redirect calls to bogus numbers.

Of course, all of this relies upon malicious hackers having been able to plant the rootkit in the first place on your Android phone.

And that’s quite a challenge for anybody who wants to spy on you.
The easiest way would probably be for the bad guys to have managed to get their evil mitts on your smartphone, and secured physical access to the device. But cybercriminals could also try to exploit an unpatched security vulnerability in the Android operating system, or use a social engineering trick to fool you into installing the malicious code.

And if they went down the malicious app route they would either have to have waltzed around the safeguards that Google has put in place to vet applications distributed via the Android Market, or targeted an Android phone where the user has given permission for non-Market applications from unknown sources to be installed.

In other words, it sounds like there are fewer opportunities to infect an Android mobile phone with a rootkit than, say, a computer running Windows.

Nevertheless, owners of all types of computing device (be it desktop computer, laptop, netbook, smartphone or tablet) should remember to practise safe computing and ensure that they are only allowing code they trust to be run and installed on their computer.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
