YOUR LATEST Android security worry is an ‘auto-rooting’ malware threat dubbed LevelDropper that silently roots a device in order to load it full of crap apps.
Researchers at Lookout uncovered the LevelDropper threat, which has bypassed Google Play’s security measures and gives hackers complete control of an infected device, allowing them to remotely download more applications in order to pump up ad revenues.
“LevelDropper, an app in the Google Play store that we determined to be malicious, is the latest example of a new and persisting trend in mobile threats: auto-rooting malware,” said Colin Streicher of Lookout’s research and response team.
Streicher explained that, once installed, LevelDropper stealthily jailbreaks or roots the Android phone or tablet. Attackers can then remotely install additional applications.
“Immediately after running LevelDropper, we noticed that the LocationServices window popped up blank. This is a significant red flag,” he said.
“Shortly after, new applications not previously installed on the phone began to appear. The app never prompted the user to install the additional apps, which generally indicates that the application must have root access.”
Just 30 minutes after the LevelDropper malware was installed, Lookout noticed that 14 applications had been downloaded without any user interaction.
So, what’s the point? The security team suggested that the threat is designed to boost app ad revenues rather than scalp users’ personal details.
“For now, it seems like these apps are being used to drive ad revenues. In cases like this, developers often integrate auto-rooting functionality to drive app installs which can drive perceived popularity and ad revenue,” Streicher said.
Lookout hasn’t said which versions of Android are affected by LevelDropper, but it appears to have been tested on Android 4.4 KitKat.
However, it’s unlikely to do much more damage as the security firm has worked with Google to eliminate the malware. µ