
Autorooting malware LevelDropper detected, removed from Google Play Store

Researchers at Lookout last week identified a malicious app in the Google Play Store that conceals malware capable of rooting a user's device in order to install unwanted applications.

LevelDropper is representative of a new trend in mobile threats, the research firm wrote on the Lookout blog: autorooting malware, which roots a device to prepare it for actions that are only possible with elevated privileges.

Lookout collaborated with Google to have the malicious app removed.

The researchers were alerted to the danger when, after first running LevelDropper, they observed that the Location Services window popped up blank, a major red flag indicating a potential crash that can subsequently be exploited to escalate privileges.

Then, new apps began to appear on the phone, a sure sign that the application must have root access. After a half hour, 14 applications were downloaded without any user interaction.

The researchers found two privilege escalation exploits that used publicly available proof-of-concept code to gain root access.

The Lookout researchers posit that the apps are being used to drive ad revenue and pump up popularity ratings.

Users whose devices are infected should perform a factory reset and install a security app capable of warning of malicious apps, Lookout advised.
