More than 350,000 Android devices impacted by bootkit trojan

10:30 ET, 30 January 2014

A particularly clever trojan has been discovered operating as a bootkit on more than 350,000 Android mobile devices, including a small percentage in the United States, according to a Friday post by Russian anti-virus company Dr. Web.

“To spread the trojan, which entered the Dr.Web virus database as Android.Oldboot.1.origin, attackers have used a very unusual technique, namely, placing one of the trojan components into the boot partition of the file system and modifying the [initialization] script which is responsible for the initialization of OS components,” according to the post.

What that means is that the trojan – which is designed to be able to download, install or remove certain applications on a device, according to the post – is extracted when the phone is turned on, thus making it hard to detect and less likely to be deleted.

According to the post, the threat is compounded because even if some parts of the malware are wiped from the mobile, a certain element will still remain in the system’s memory and will reinstall every time the device is rebooted – creating a cycle of infection.

Dr. Web researchers have learned that the trojan is operating on roughly 350,000 devices, the majority of which are in China. A small percentage of victims were said to reside in Spain and an even smaller percentage were said to be in countries such as the United States, Germany and Brazil.

“Reflashing a device with modified firmware that contains the routines required for the trojan’s operation is the most likely way this threat is introduced,” according to the post.

Dr. Web did not respond to an SCMagazine.com request for comment.
