An anti-virus company is warning about what it says could be one of the first mass-distributed bootkit viruses seen on Android smartphones.
Russia based Doctor Web says that the Trojan resides in the memory of infected devices and launches itself early on in the OS loading stage, acting as a bootkit. This allows the Trojan to minimize the possibility that it will be deleted, without tampering with the device's file system.
It's currently estimated that the virus has infected more than 350,000 mobile devices belonging to users in various countries. Although the bulk of the devices are in China, they have also been detected in Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries.
To spread the Trojan, which entered the Dr.Web virus database as Android.Oldboot.1.origin, attackers have used a very unusual technique, namely, placing one of the Trojan components into the boot partition of the file system and modifying the init script which is responsible for the initialisation of OS components.
No comments:
Post a Comment