ANDROIDOS_OLDBOOT.XA
Malicious Downloader, Rooting Tool
Android OS
5
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan has rootkit capabilities, which enable it to hide its processes and files from the user.
It accesses websites to download files, which can add other malware to the affected computer. It then executes the downloaded files, so the malicious routines of those files run on the affected system.
TECHNICAL DETAILS
Rootkit Capabilities
This Trojan has rootkit capabilities, which enable it to hide its processes and files from the user.
Download Routine
This Trojan accesses websites to download the following files:
- [specified by remote command]
It then executes the downloaded files, so the malicious routines of those files run on the affected system.
Mobile Malware Routine
This Trojan receives commands from the following C&C server(s):
- http://{BLOCKED}d999.com:8090/backurl.do
It blocks received SMS messages, preventing the user from reading them.
NOTES:
This Android malware uses bootkit technology.
SOLUTION
9.700
Step 1
Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_OLDBOOT.XA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Step 2
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.