The ABC of Cybersecurity – Android Threats: R is for Rooting Trojan

Android is no stranger to malware, especially with the proliferation of mobile devices sporting Google’s mobile operating system. Threats have traditionally targeted Windows-based systems, but with more than 2 billion active Android devices in the world, it makes sense for cybercriminals to start developing threats for Android-running devices.

While SMS-sending Trojans are usually quite popular, especially since they present an easy way of making money, rooting Trojans are among the most devious threats. Rooting Trojans are designed to take full remote control over a device, enabling the attacker to access any type of stored information, as if actually holding the device.

While some users might want to root their devices themselves, either to delete pre-installed applications that normally cannot be removed or even to change the Android version the device is running, rooting Trojans are usually installed without the user’s knowledge.

What is Rooting?

Rooting an Android device is much like gaining Admin rights on your Windows PC. Once you’ve done that, you can install or delete any app you want. You can install apps on SD cards instead of the phone’s internal memory, or tweak or overclock the device to unlock some performance boost. While some expert users do it, it’s a risky process that could lead to completely bricking the device or otherwise rendering it inoperable.

Since rooting a device obviously voids the warranty, it’s recommended to avoid the process: besides voiding the warranty, it also allows threats to gain a more permanent foothold on the system if the device is infected. Ultimately, it’s a matter of choice if a user wants full control over the device, but it’s not for the faint-hearted.

For lack of a better description, rooting is like redecorating your house by yourself. If you’re capable of doing that from scratch without any help and actually pulling off a great job, you might as well do it. Otherwise, you’re better off leaving it to professionals or you might cause more damage than you can afford to repair.

Since rooting involves the use of security vulnerabilities to gain administrative privileges over the operating system, this may leave the phone vulnerable to malware that can completely seize control of the device.

For example, imagine driving a stock car that’s limited to 60 miles per hour. However, by tinkering with its onboard software, you can remove that restriction. While that might give you the extra power you wanted, the extra performance might not have an overall positive effect on your engine and turbine, as they will work above normal usage parameters.

Consequently, rooting an Android device might be similar, as you’re technically bypassing some built-in safety and security features that guarantee optimal performance of the operating system.

Android Rooting Trojans

Malware can sometimes leverage vulnerabilities in unpatched Android operating systems to get the device to install threats and tools that would allow an attacker to secretly control the device remotely. Since the attacker has administrative privileges, he would have unrestricted remote access to any document, photo, text message, or any other feature that the smartphone has.

Remote Access Trojans (RATs) are usually popular on Android, as they enable attackers to leverage seemingly legitimate applications to exploit vulnerabilities within the mobile operating system and take control of it.

For example, imagine downloading a seemingly legitimate application that claims to install some camera filters for taking photos. However, once installed it seizes control of the entire mobile operating system, allowing the attacker to covertly install any spying application without it showing up in your uninstall manager.

In fact, there has actually been a rooting Trojan that managed to slip into Google Play. The application was submitted as a perfectly legitimate color block game, following which attackers would update it with malicious code. After the malicious update reached the device and gained system privileges, it had the ability to covertly install applications from third-party marketplaces – potentially malicious – without the user’s knowledge. After successfully doing that, the application was once again updated with a benign version so as not to stir suspicion.

In this actual scenario, attackers would have been able to access any type of information stored on the device, remotely install or remove applications, or even trigger on-device features – such as camera, microphone, etc. – for eavesdropping purposes.

How to Stay Safe

By installing applications from trusted marketplaces, you reduce the chances of accidentally installing rooting Trojans or any other type of threat. But even Google Play is not immune to malware, as some threats have managed to infiltrate it.

Regularly updating the mobile OS with its latest security patches is highly recommended, as attackers then cannot use known vulnerabilities to their own advantage. Since smartphones hold as much personal data as traditional PCs, if not more, everyone is encouraged to always have a mobile security solution installed, as such solutions are usually highly capable of identifying malicious apps from both official marketplaces and third-party ones.

A mobile security solution can promptly identify any malicious application that’s packing rooting capabilities – as it’s not exactly legitimate behavior – keeping users safe from attackers trying to remotely control their device. Whether the application is downloaded via third-party marketplaces or simply delivered via a malicious URL, a mobile security solution is capable of blocking both the malware-serving URL and the actual application before it is installed. Consequently, a mobile security application is capable of securing your device and data from a wide range of attack vectors.
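To check a device for the covert third-party installs described above, the following sketch (an added example, not part of the original article) compares two saved snapshots of `adb shell pm list packages -3 -i` output and flags packages that appeared in between or whose installer is not Google Play. The package names, the snapshot contents and the trusted-installer set are constructed assumptions.

```python
import re

# Installers treated as trusted here (an assumption; adjust to your own policy).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# One line of `pm list packages -i` output: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_inventory(text):
    """Map package name -> installer (None when no installer is recorded)."""
    inventory = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip blank or unrecognised lines
        installer = match.group("installer")
        inventory[match.group("pkg")] = None if installer == "null" else installer
    return inventory


def audit(baseline_text, current_text, trusted=TRUSTED_INSTALLERS):
    """Return (packages added since baseline, packages from untrusted installers)."""
    baseline = parse_inventory(baseline_text)
    current = parse_inventory(current_text)
    new_packages = sorted(set(current) - set(baseline))
    untrusted = sorted(
        (pkg, inst) for pkg, inst in current.items() if inst not in trusted
    )
    return new_packages, untrusted


# Constructed sample snapshots (not taken from a real device).
BASELINE = """\
package:com.example.colorblocks  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
"""
CURRENT = BASELINE + """\
package:com.example.flashlight  installer=com.example.thirdpartystore
package:com.example.cleaner  installer=null
"""

if __name__ == "__main__":
    added, flagged = audit(BASELINE, CURRENT)
    print("New since baseline:", added)
    for pkg, inst in flagged:
        print(f"Review: {pkg} (installer: {inst or 'none recorded'})")
```

An application installed with system privileges may not appear in this listing at all, so a clean result here complements a mobile security solution rather than replacing it.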
