Android is the world's most popular smartphone operating system, it follows that malefactors would develop some of the most harmful malware for it. A program called Android.Oldboot represents the first-ever Android bootkit: a Trojan that can reinstall itself every time the system reboots.
Oldboot has infected over 350,000 devices worldwide, according to Russian security firm Doctor Web.However, most of the compromised devices (92%) are located in China, which is not surprising, since the Trojan Android.Oldboot is intended for Android-powered devices in China.
.png)
The bootkit targets Android's kernel, the deepest part of an OS. Not only is malware extremely difficult to remove from the kernel, but it can also rewrite a device's rebooting procedures from there. Even though Android anti-virus software can remove the offending program, these anti-virus programs cannot prevent the malware from reinstalling itself upon each reboot.
Doctor Web explains: “This malware is particularly dangerous because even if some elements of Android.Oldboot that were installed onto the mobile device after it was turned on are removed successfully, the component imei_chk will still reside in the protected memory area and will re-install the malware after a reboot and, thus, re-infect the system.”
Posts
