
Dangerous Android Trojan Oldboot hits 350,000 devices

Oldboot is a persistent Android Trojan which has infected over 350,000 devices worldwide, according to Russian security firm Doctor Web.

Info Security notes that the Trojan has spread mostly across China (with 92 per cent of infections there), but it has also reached the US and Brazil and, a bit closer to home, Italy, Spain, Germany and Russia.

The UK isn’t listed as threatened yet, but this is definitely one to keep an eye out for. Oldboot, as the name suggests, acts like a bootkit – in other words, it insinuates itself way down into the kernel of Android, residing in the device’s memory and launching early in the boot process of the OS.

This means that even if it’s detected and ostensibly removed from the system, Oldboot can reinstall itself when the phone is fired up again.

Antivirus firm Doctor Web explains: “This malware is particularly dangerous because even if some elements of Android.Oldboot that were installed onto the mobile device after it was turned on are removed successfully, the component imei_chk will still reside in the protected memory area and will re-install the malware after a reboot and, thus, re-infect the system.”

The most likely route of Oldboot infection is flashing a device with modified Android firmware that has the Trojan concealed within, Doctor Web noted.

Other reports suggest that Oldboot is merely a variant of an older piece of stubborn Android malware, but whatever its origin, you don’t want to get this fellow on your phone.