Android is still the most targeted mobile platform out there in terms of mobile malware, considering the reports that keep detailing ways that hackers can take advantage of it for malicious purposes. But in most cases it’s Android users from certain regions of the world who are affected, because Google’s standard Android services aren’t available. A new report from The Hacker News details some new Android malware that may be the biggest threat to the operating system to date, and it may have already infected millions of devices.
Called Oldboot, the malware is “designed to re-infect mobile devices even after a thorough cleanup.” Apparently, the program resides in the memory of infected devices, and it modifies “devices’ boot partition and booting script file to launch system service and extract malicious application during the early stage of system’s booting.”
Versions of the program are so sophisticated that they can perform various stealthy operations including fighting detection and antivirus apps. The Oldboot family is the “most significant demonstration” of fighting against antivirus, malware analyzer and automatic analysis tools, according to researchers from Chinese security firm 360 Mobile Security.
According to these reports, Oldboot.B Android Bootkit malware can install malicious apps silently in the background, inject malicious modules into system process, prevent malware apps from uninstalling, modify the browser’s homepage, uninstall and disable installed Mobile Antivirus software. The malware is even able to run code hidden in images, a technique known as steganography.
Despite its advanced features though, it would appear that 360 Mobile Security has a free tool to detect and remove it.
It’s not clear though what the purpose of the malware is, or where it’s being picked up from, but infected devices can apparently send fake SMS messages, start phishing attacks, and other activities. “Driven by profit, the Oldbook Trojan family changes very fast to react to any situation,” researchers said. It’s also not clear what devices are most likely to be infected, and whether certain devices are more prone to infection than others.
Recently, a security report revealed that a security issue discovered in the baseband chip of certain Samsung devices would allow a hacker to control the infected device in a manner similar to what Hacker News described. However, there was no proof that anybody actually used the discovered backdoor for malware-related purposes.
In order to significantly lower the risk of running into any malware apps, Android users should avoid installing apps from anywhere else other than Google – even so, despite Google’s increased security efforts, some malware apps still make it to the Google Play Store, although they’re yet to sneak in advanced features as described in these new reports.