A new piece of Android malware named Android.Bmaster, first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog.
This Malware is estimated to affect between 10,000 and 30,000 phones on any given day. The malware, mostly found on Chinese phones, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread. RootSmart is designed to escape detection by being named "com.google.android.smart," which the same name as a settings app included by default with Android operating systems.
Mullaney explained that once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated.“The malware posts some user and phone-specific data to the remote address and attempts to download and run an APK file from the server. The downloaded file is the second stage in the malware and is a Remote Administration Tool (RAT) for Android, detected as Android.Bmaster. This type of malware is used to remotely control a device by issuing commands from a remote server”.
To counter the rising tide of threats, Google last week announced it had launched an app prescreening tool called Bouncer that runs a server-based simulation to check apps for malicious behavior such as attempts to access or send personal data, or simply send out pricey text messages. Google blocks them before they get into the official Android Market.Bouncer has been used quietly for several months; in the second half of 2011, the Android market saw a 40 percent decrease in malware apps identified as potentially malicious, compared to the first half of the year.
Google spokesperson Nancarrow points out that Rootsmart wasn’t found in the official Android Market and so falls outside the zone of protection that Google is trying to enforce with its new malware scanner. And the fact that Gingerbreak was already patched, he adds, points to Android’s “defense in depth approach, not a reliance on any specific user protection measure.”