Autorooting malware LevelDropper detected, removed from Google Play Store

Autorooting malware roots a device to prepare it for actions only possible with more privileges.
Researchers at Lookout last week identified a malicious app in the Google Play Store that conceals malware capable of rooting a user's device in order to install unwanted applications.

LevelDropper is representative of a new trend in mobile threats, the research firm wrote on the Lookout blog: autorooting malware, which roots a device to prepare it for actions only possible with more privileges.

Lookout collaborated with Google to have the malicious app removed.

The researchers were alerted to the danger when, after first running LevelDropper, they observed that the Location Services window popped up blank, a major red flag indicating a potential crash that can subsequently be exploited to escalate privileges.

Then, new apps began to appear on the phone, a sure sign that the application must have root access. After a half hour, 14 applications were downloaded without any user interaction.

Two privilege escalation exploits were found to be using publicly available proof-of-concept code to gain root access.

The Lookout researchers posit that the apps are being used to drive ad revenue and pump up popularity ratings.

If infected, perform a factory reset and install a security app capable of warning of malicious apps, Lookout advised.
