[Full-disclosure] New Android Malware Botnet Reversed/Uncovered
Adam Behnke
adam at infosecinstitute.com
Fri Feb 10 18:56:17 GMT 2012
Hello, one of InfoSec Institute's security researchers reverse engineered a
new botnet that is active for the Android platform. RootSmart has some
unique features that make it newsworthy:
. Takes advantage of Gingerbreak exploit to take control of Android device
. The main malware payload is a rootkit that hides itself inside of legit
app
. The rootkit hooks itself into the legit app as a boot service
. The rootkit installs its own shell into the OS, allowing it to silently
install other packages
. Encrypts the C&C URLs with a clever non-standard communication stream
RootSmart is a successful botnet in the wild, between 10,000 and 30,000
devices are currently infected per Symantec. We were also able to uncover
the C&C server locations, they are currently active and residing in China.
More details are available here:
http://resources.infosecinstitute.com/rootsmart-android-malware/
Full-Disclosure is hosted and sponsored by Secunia.