We know that Android is a bit susceptible to malware and trojans, in much the same way as desktop PCs have always been more prone to that kind of dodgy activity than Apple computers. Now, there's a new bootkit malware doing the rounds that has reportedly infected upwards of 350,000 devices. It may be largely targeted at Chinese devices right now, but it's something to be wary of internationally too.
The trojan, called "Android.Oldboot", resides in your device's memory and launches itself during the boot stage. Even if you successfully remove the malware, a small part of the malware is secreted away in a protected area of memory and simply re-installs itself the next time you reboot. Nasty stuff indeed and just what we need: self-replicating malware.
The trojan was discovered by Russian security firm Dr. Web, who claim it is the first bootkit trojan on the Android platform. The malware has been detected on over 350,000 devices globally, from the US, China, Germany, Spain, Russia, Brazil, Italy and various Southeast Asian countries. The vast majority of affected devices are located in China, however, and Dr. Web states the trojan was initially intended for that market. As Dr. Web explained the threat:
[The] attackers have used a very unusual technique, namely, placing one of the Trojan components into the boot partition of the file system and modifying the init script which is responsible for the initialization of OS components....Part of the Trojan Android.Oldboot is installed as a typical application which further functions as a system service....Reflashing a device with modified firmware that contains the routines required for the Trojan’s operation is the most likely way this threat is introduced.
This means that the malware is actually placed onto the device either through flashing untrustworthy ROMs or by a specific individual with access to the device, which could happen quite easily when purchasing a device from an unknown individual from a foreign country. Dr. Web encourages consumers to be wary of buying devices of "unknown origin and using OS images from unreliable sources." Considering the massive rise of cheap handsets being manufactured and sold in China, this trojan could just be the tip of the malware iceberg.
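Because the persistence described above lives in a modified init script, one defensive check is to compare the init script from a device's boot image against the one from trusted stock firmware. The sketch below is an added example, not code from Dr. Web or from the original article; both init scripts are constructed samples, and the service name `sample_chk` and its path are hypothetical.

```python
# Constructed samples: a trusted init.rc and one taken from a device under review.
# "sample_chk" and "/sbin/sample_chk" are hypothetical names used for illustration.
BASELINE_INIT_RC = """\
on boot
    class_start core

service servicemanager /system/bin/servicemanager
    class core
"""
DEVICE_INIT_RC = """\
on boot
    class_start core
    start sample_chk

service servicemanager /system/bin/servicemanager
    class core

service sample_chk /sbin/sample_chk
    oneshot
"""

def parse_init_rc(text):
    """Map each 'service'/'on'/'import' header to the list of lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())            # normalise whitespace
        if not line or line.startswith("#"):    # skip blanks and comment lines
            continue
        if line.split(" ", 1)[0] in ("service", "on", "import"):
            current = line
            sections.setdefault(current, [])    # repeated 'on' blocks are merged
        elif current is not None:
            sections[current].append(line)
    return sections

def diff_init_rc(baseline, device):
    """List sections and lines that differ between device and baseline."""
    base, dev = parse_init_rc(baseline), parse_init_rc(device)
    findings = []
    for header, lines in dev.items():
        if header not in base:
            findings.append(("added section", header))
            continue
        findings += [("added line in " + header, l)
                     for l in lines if l not in base[header]]
    findings += [("removed section", h) for h in base if h not in dev]
    return findings

if __name__ == "__main__":
    for finding in diff_init_rc(BASELINE_INIT_RC, DEVICE_INIT_RC):
        print(finding)
```

Any finding is a reason to inspect the referenced binary and to reflash from a trusted image, since removing the installed application alone leaves the boot-partition component in place.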
Have you ever purchased an Android device from an unknown third party? Do you think this kind of malware is likely to increase over time?