ANDROIDOS_OLDBOOT.XA

 Analysis by: Simon Huang

 THREAT SUBTYPE:

Malicious Downloader, Rooting Tool

 PLATFORM:

Android OS

 FIRST DETECTION COUNT/S:

5

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan also has rootkit capabilities, which enable it to hide its processes and files from the user.

It accesses websites to download files, which may allow it to introduce other malware onto the affected computer. It then executes the downloaded files. As a result, the malicious routines of the downloaded files are exhibited on the affected system.

  TECHNICAL DETAILS

Rootkit Capabilities

This Trojan also has rootkit capabilities, which enable it to hide its processes and files from the user.

Download Routine

This Trojan accesses websites to download the following files:

  • [specified by remote command]

It then executes the downloaded files. As a result, the malicious routines of the downloaded files are exhibited on the affected system.

Mobile Malware Routine

This Trojan receives commands from the following C&C server(s):

  • http://{BLOCKED}d999.com:8090/backurl.do

It blocks received SMS messages, preventing the user from reading them.

NOTES:
This Android malware uses bootkit technology.

  SOLUTION

Minimum Scan Engine:

9.700

Step 1

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_OLDBOOT.XA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 2

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

