Will Google Bouncer stop RootSmart from entering Android Market?
Google for the past year has been working and running a service codenamed Bouncer. This service scans new apps, also apps that are already in Android Market, and the developer accounts for any kinds of malware. When Google Bouncer sees an application uploaded, it immediately starts analyzing it, comparing with known malware, spyware and Trojans. It looks for strange behaviors that indicate that the application might be misbehaving, and compares it against previously analyzed and found as infectious apps.
This service has been running in the Market for a while now, and experts has seen a 40% decrease of potentially malicious downloads from Android Market between first and second halves of 2011. Surprisingly, the drop happened at the same time, when companies, who actually market and sell security software, have been reporting that the amount of malicious applications is only rising. Bad people cannot be prevented to create malware, however, it can be outlining that the amount of those bad applications being installed from Android Market is significantly decreasing.
So it seems, that Dr. Jiang and his research team discovered RootSmart, a malware, which allows itself to operate through scanner and permission checks. The way it works, is that RootSmart attempts to download malware from remote command and control servers for execution. If it’s successful, it may bypass androids built-in security mechanism.
Dr. Jiang mentioned in his blog that RootSmart downloads all kinds of malware, not only GingerBreak, which vulnerability was fixed by Google after May 2011. However, there are even devices that use the old and vulnerable versions of Android, so it’s hard to detect them. The cat and mouse game continues with the new Bouncer. Jiang says, that RootSmart won’t fool Bouncer, but it will certainly pose some challenge to it.
The current detection rate of RootSmart, when it is first installed in phone is quite small – only eight of 43 antiviruses, according to this link. However, if it will try to download other malware from the net, Jiang suspects that more anti-virus engines will detect the downloaded malware package, however, not necessarily RootSmart itself.
To avoid RootSmart, you should download apps only from reputable app stores, which are trusted. Always check reviews, ratings, and developer information before actually downloading. Always check permissions that apps require before installing them, and make sure so you know what information they will be accessing. And lastly, always be alert for unusual behavior of your mobile phones, keep your software up-to-date and have security software installed on your phone.
However, RootSmart in not found in Android Market at the moment. Bouncer is focused on malware in Android Market, so Dr. Jiang’s findings shouldn’t have any influence on any apps in the Market.
(source)
Recently commented malware