Android malware gives itself root access

Connection to botnet and premium rate calls are next step


A piece of Android malware has been discovered that steals money by giving itself root access, then connecting to a botnet to send premium-rate texts and make premium-rate calls.

The malware has been named RootSmart by the research team led by Xuxian Jiang, assistant professor of NC State University's department of computer science.

Hiding in an Android app named com.google.android.smart, which uses the default system settings icon, it waits for certain events like an outgoing call before setting to work.

It then connects to its command-and-control server and downloads the GingerBreak root exploit. That done, it automatically gains root access to the phone, allowing it to install additional apps which get to work making money via premium rate texts and calls.

Made in China

Currently, it appears to be targeting users of just two Chinese mobile networks, and researchers have only found the malware on third-party download sites, rather than the official Android Market.

At this time it only affects devices running Android Gingerbread versions earlier than 2.3.4 or Android Honeycomb 3.0.
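For anyone triaging devices against the details above, here is an added example (not code from the researchers or from this article) that checks a device's package list and OS release. It assumes the inputs are the text output of `pm list packages` and `getprop ro.build.version.release`, and it reads the version range as Gingerbread 2.3.x below 2.3.4 or exactly Honeycomb 3.0; the function names and sample data are made up for illustration.

```python
import re

# Package name reported in this article for the app carrying RootSmart.
ROOTSMART_PACKAGE = "com.google.android.smart"

def parse_release(release):
    """Turn '2.3.3' or '3.0' into a 3-tuple of ints, or None if unparseable."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", release)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def in_affected_range(release):
    """Assumed reading of the article: Gingerbread 2.3.x below 2.3.4, or 3.0."""
    v = parse_release(release)
    if v is None:
        return None  # unknown release string: needs manual review
    gingerbread = (2, 3, 0) <= v < (2, 3, 4)
    honeycomb_30 = v == (3, 0, 0)
    return gingerbread or honeycomb_30

def installed_packages(pm_output):
    """Parse `pm list packages` output ('package:<name>' per line) into a set."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names

def triage(release, pm_output):
    """Exact-match the package name so similarly named apps are not flagged."""
    return {
        "package_present": ROOTSMART_PACKAGE in installed_packages(pm_output),
        "os_in_affected_range": in_affected_range(release),
    }

# Constructed sample input, not taken from a real device.
SAMPLE_PM = """package:com.android.settings
package:com.google.android.smart
package:com.example.notes
"""

if __name__ == "__main__":
    print(triage("2.3.3", SAMPLE_PM))
    print(triage("4.0.3", "package:com.android.settings\n"))
```

A package-name match is a lead for further inspection rather than confirmation of infection.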

Symantec estimates that RootSmart is generating between £1,000 and £5,500 in revenue every day.

Google has recently upped its efforts to combat Android malware with its Bouncer programme, but it always pays to be vigilant.

Jiang recommends paying attention to the permissions apps request, watching for devices that behave strangely, and running up-to-date security software.

From Xuxian Jiang via Information Week, The Verge