Friday

New Trojan targets Android, infects 350K devices


Owners of mobile devices running Google's Android operating system were warned about a new Trojan that launches at an early stage of the boot process and resides in the device's memory.

Russian anti-virus company Doctor Web said the malicious program is operating on more than 350,000 mobile devices in countries including some in Southeast Asia.

"When the mobile phone is turned on, (a) script loads the code of the Trojan Linux-library imei_chk (Dr.Web Anti-virus detects it as Android.Oldboot.1), which extracts the files libgooglekernel.so (Android.Oldboot.2) and GoogleKernel.apk (Android.Oldboot.1.origin) and places them in /system/lib and /system/app, respectively," the company said in a blog post.

Doctor Web said its statistics show 92 percent of the compromised devices are in China, "which is not surprising, since the Trojan Android.Oldboot is intended for Android-powered devices in China."

It noted that part of the Trojan Android.Oldboot is installed as a typical application that functions as a system service and connects to a remote server to await various commands.

"Reflashing a device with modified firmware that contains the routines required for the Trojan’s operation is the most likely way this threat is introduced," it said.

Doctor Web warned that this malware is dangerous because, even if some elements of Android.Oldboot are removed, the component imei_chk will still reside in the protected memory area and will reinstall the malware after a reboot.
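The file names in the Doctor Web quote, and the reinstall-after-reboot behaviour described above, can be checked against an unpacked firmware image or a pulled copy of a device filesystem. The script below is an added example, not code from Doctor Web or the article; the ROOT/system layout, the *.rc init-script check and the verdict names are assumptions.

```shell
#!/bin/sh
# Triage an unpacked firmware image or pulled device filesystem for the
# Android.Oldboot artifacts named in the article.
# Assumption: ROOT holds the image contents, with the system partition under
# ROOT/system. The file names come from the Doctor Web quote; nothing else does.

oldboot_scan() {
    ob_root=$1
    ob_loader=0
    ob_payload=0

    # imei_chk: the article gives no path for it, so match by file name anywhere.
    if [ -n "$(find "$ob_root" -type f -name imei_chk 2>/dev/null | head -n 1)" ]; then
        ob_loader=1
    fi
    # A boot script that still references imei_chk counts as well.
    # Assumption: Android init scripts are the *.rc files in the image.
    if [ -n "$(find "$ob_root" -type f -name '*.rc' -exec grep -l imei_chk {} + 2>/dev/null | head -n 1)" ]; then
        ob_loader=1
    fi

    # Extracted components, in the directories the article places them in.
    for ob_f in system/lib/libgooglekernel.so system/app/GoogleKernel.apk; do
        if [ -f "$ob_root/$ob_f" ]; then ob_payload=$((ob_payload + 1)); fi
    done

    if [ "$ob_loader" -eq 1 ] && [ "$ob_payload" -gt 0 ]; then
        echo "infected"            # loader and extracted components present
    elif [ "$ob_loader" -eq 1 ]; then
        echo "loader-only"         # components removed, but will return on reboot
    elif [ "$ob_payload" -gt 0 ]; then
        echo "components-only"     # leftovers found without the loader
    else
        echo "no-indicators"
    fi
}

# Stand-alone use: sh oldboot_scan.sh /path/to/unpacked/image
[ "$#" -eq 0 ] || oldboot_scan "$1"
```

A "loader-only" verdict is the case the warning describes: deleting the two extracted files is not a cleanup while imei_chk or a boot script that loads it remains in the image.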

To prevent infection, Doctor Web advised users against buying devices "of unknown origin" and using OS images from unreliable sources. — VC, GMA News

source: gmanetwork.com