Android malware connects to botnet and makes premium rate calls by rooting itself

Share

Android-Virus.jpgThe Android operating system has had yet another serious piece of malware sully its name today, as an Android app called com.google.android.smart has been discovered to be a premium rate texts, calls and botnet scam.

The malware itself has been named RootSmart by Xuxian Jiang who leads the research as assistant professor of NC State University’s department of computer science.

The app’s first deception is to use the default Android system settings icon as its own, leading users into a false sense of official security. It then waits for an outgoing call before connecting to its own command-and-control server, and then downloads a GingerBreak root exploit.

With the exploit installed, it has free reign to download further dodgy apps which connect to premium rate phone numbers and send premium rate messages.

For the time being, the malware problem seems to be isolated to two Chinese mobile networks, with the app only up for download on third party sites rather than the official Android Marketplace. Devices running Android Gingerbread versions earlier than 2.3.4 or Android Honeycomb 3.0 also seem the only ones affected.

Despite these quite limited channels, Symantec have estimated the app is already making between £1,000 and £5,500 every single day. Jiang urges Android users to remain vigilant, particularly when an app asks a user change permissions on their handsets.

Google have recently upped their own Android malware defences, announcing the launch of the Bouncer programme, which will automatically scan new and existing apps for malware, spyware and trojans.

Gerald Lynch

One thought on “Android malware connects to botnet and makes premium rate calls by rooting itself

Comments are closed.