OldBoot Bootkits – Advanced Android Malware


As April 8th and the death of Windows XP approaches, the PC malware scene experiences a calm before the storm. It has been a quiet week, at least compared to last, where we saw a zero day affecting Microsoft Outlook and Word and the emergence of Zeus on Monster.com. Things haven’t been so tame in the world of mobile malware however. In fact, this first week of April has seen the emergence of one of the most advanced Android bootkits discovered in the wild: OldBoot.B.

OldBoot Origins

OldBoot.B is a bootkit, and a new variation of its predecessor, OldBoot.A – the very first Android bootkit discovered in the wild. A “bootkit” is a type of rootkit, and a rootkit is a powerful type of malware that grants attackers “root” or administrator access to a computer, allowing for total system control and the ability to hide malicious activity or other malware. Bootkits are so called because they specifically infect the code that instructs a computer during boot-up.

OldBoot.B is thus an Android bootkit, which targets the operating system’s boot sector code and allows attackers a great deal of surreptitious control and malicious manipulation.

OldBoot Capabilities

Like OldBoot.A, OldBoot.B is primarily designed to open communication with a malicious Command and Control server. Once communication is established, the Android device can then be instructed to download proprietary apps from the attacker or send text messages to a premium rate SMS service. In both cases, the attacker’s goal is profit, and the owner of the infected device ends up footing the bill.

In addition to malicious app installation, OldBoot.B can also:

  • Prevent malicious apps from being uninstalled
  • Modify your browser’s homepage
  • Inject malicious modules into system critical processes
  • Uninstall or disable the good apps that you like!

Emsisoft Mobile Security and OldBoot

OldBoot has seen success – particularly in its country of origin, China – because the majority of Android users do not use mobile anti-malware. This is alarming, because the advanced nature of OldBoot’s technology clearly demonstrates that the Android environment is in the crosshairs of professional malware authors.

To avoid OldBoot infection, Emsisoft recommends the strictest caution when downloading third-party apps. OldBoot uses Trojan methodology as a means of propagation and will disguise itself as something useful, while performing its malicious actions in the background of your device.

For complete protection, we also recommend Emsisoft Mobile Security, which detects the OldBoot Android bootkit family as Android.Trojan.OldBoot.A (B).

Have a Great (Mobile-Malware-Free) Day!