It’s not the Apocalypse yet, but the warning bells have already started ringing. Slow and low. Security researchers at Trend Micro have warned of a possible zombie attack. Not on the real world, but on the droid world.
Android users, especially those who have rooted their phones, have been warned against installing apps that may turn their phones into zombies. Trend Micro explains that a library file found in many apps, detected as ANDROIDOS_BOTPANDA.A, has enough root permissions to connect to its command-and-control (C&C) servers and invoke processes remotely.
The malware is smart and knows how to conceal its identity. When the app is installed, the library file runs the zombie service from your Android phone, which connects to the C&C servers. Developed using the NDK, a toolkit Android developers use to build native code, it loads itself through the Java Native Interface and drops a malicious library called libvadgo on your device.
The library file conceals its identity by hiding its routines (chunks of code in execution) inside the Android dynamic library (which cannot be killed). It also covers its tracks along the way by replacing system files with files that help it stay hidden, and it arranges for the malware to be reinstated if you somehow manage to kill it. (That’s nothing new for Windows users.)
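Since the article says the bot arrives as an NDK-built native library (libvadgo) loaded via JNI, a defender can triage an APK before installing it by listing its native code and flagging known names or ELF objects hidden outside lib/. The following is an added example, not code from Trend Micro or the article; the sample APK is constructed in memory and the library name list is an assumption seeded only with the indicator the article gives.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Indicator taken from the article: the dropped native library is called libvadgo.
SUSPICIOUS_LIB_STEMS = {"libvadgo"}
ELF_MAGIC = b"\x7fELF"


def triage_apk_native_libs(apk_bytes):
    """Return (path, is_elf, flagged) for every native object found in the APK.

    An APK is a zip archive; NDK-built code normally lives under lib/<abi>/*.so
    and is loaded through JNI at runtime. A file is flagged when its name matches
    a known indicator, or when it is an ELF object stored outside lib/ (a common
    way to hide a payload as an "asset").
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                is_elf = fh.read(4) == ELF_MAGIC
            path = PurePosixPath(info.filename)
            if path.suffix != ".so" and not is_elf:
                continue
            flagged = path.stem in SUSPICIOUS_LIB_STEMS or (is_elf and path.parts[0] != "lib")
            results.append((info.filename, is_elf, flagged))
    return results


def build_sample_apk():
    """Constructed sample APK: a benign lib, one matching the indicator, and an
    ELF object disguised as an asset. Contents are minimal stand-in bytes."""
    fake_elf = ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("lib/armeabi/libhelper.so", fake_elf)
        zf.writestr("lib/armeabi/libvadgo.so", fake_elf)
        zf.writestr("assets/data.bin", fake_elf)
    return buf.getvalue()


if __name__ == "__main__":
    for path, is_elf, flagged in triage_apk_native_libs(build_sample_apk()):
        print(f"{'FLAG' if flagged else '  ok'} {path} elf={is_elf}")
```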
Trend Micro noted that because the C&C servers were down during its initial analysis, it could not determine exactly which commands were executed remotely on the device.
“It eventually kills some processes, hooks inevitable system procedures, and replaces files to make detection and removal solutions infeasible. If more Android malware make use of this trick in the future, analysing and delivering solutions would become extremely challengeable for security experts”, it has warned.
Though the links established so far confirm that only rooted devices are vulnerable, this zombie malware may find its way onto non-rooted phones through third-party app stores as well. The invasion is ipso facto under way, perhaps.
Share your thoughts on this. Isn’t Google being too complacent? Shouldn’t it prevent devices from obtaining root permissions? Doesn’t this threaten the credibility of the most used smartphone OS in the world?